Bug#1041574: marked as pending in gnome-shell-extension-hamster

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #1041574 in gnome-shell-extension-hamster reported by you has been fixed in 
the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/projecthamster-team/gnome-shell-extension-hamster/-/commit/618b903b9752d8395e4fc2cc678bb38144acbd46


Changes for NMU  0.10.0+git20210628-4.1

Closes: #1041574


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1041574

Bug#1008549: marked as pending in gnome-shell-extension-hamster

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #1008549 in gnome-shell-extension-hamster reported by you has been fixed in 
the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/projecthamster-team/gnome-shell-extension-hamster/-/commit/f9fcca21d26a9dcacb341dc2f3abcab2e39aab8f


Document compatibility with GNOME 42

Closes: #1008549


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/1008549

Bug#1005132: drf-yasg-nonfree: File conflicts between two different 1.20.1-1 versions

[Raphaël Hertzog]

Source: drf-yasg-nonfree
Version: 1.20.1-1
Severity: serious
User: de...@kali.org
Usertags: origin-kali

drf-yasg-nonfree 1.20.1-1 was uploaded as source only on January 23th,
the lack of binaries ended up in the package being removed by dak's 
auto-cruft. Then the maintainer rebuilt a new source package while keeping
the 1.20.1-1 version and uploaded it again.

deb.debian.org is a CDN and keeps in cache the package files for a very
long time because they are supposed to be immutable so if you try to
download drf-yasg-nonfree from deb.debian.org you get the first version
of the package while the metadata refers to the second version and as
such you get a checksum error (as I did in Kali, while trying to mirror
bookworm):

Wrong checksum during receive of
'http://deb.debian.org/debian/pool/non-free/d/drf-yasg-nonfree/drf-yasg-nonfree_1.20.1-1.dsc':
md5 expected: 5c87ae878afc6adf6708439e2a0b4e97, got: 
63c6925011f77e02306f451036181a13
sha256 expected: 
2b3265636ef93b490b633cee9897c8462fb1cb42d1fb65226fb5a8601631ecd9, got:
834fa39b7b970704f936fc2a293ca47f9efc1939a62f5a33fcd0cea4e4a0767c
size expected: 2467, got: 2434

This bug is just a request to upload 1.20.1-2 to get rid of this
inconsistency that will last in deb.debian.org for as long as we don't
upload a new version.

The package has been temporarily removed from testing by Julien Cristau
to make sure that mirroring bookworm out of deb.debian.org will work
again shortly.

-- System Information:
Debian Release: bookworm/sid
  APT prefers stable-security
  APT policy: (500, 'stable-security'), (500, 'oldoldstable'), (500, 
'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.15.0-3-amd64 (SMP w/16 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#996060: marked as pending in gnome-shell-extension-hamster

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #996060 in gnome-shell-extension-hamster reported by you has been fixed in 
the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/projecthamster-team/gnome-shell-extension-hamster/-/commit/b5ac06729a7eb15f3afaddf354741a678cf93fb4


Document compatibility with GNOME Shell 41

Tighten the gnome-shell dependency to not allow usage with gnome-shell 42.

Gbp-Dch: Full
Closes: #996060


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/996060

Bug#984547: isenkramd failure with with "TypeError: argument should be integer or bytes-like object, not 'str'"

[Raphaël Hertzog]

Package: isenkram
Version: 0.45
Severity: serious
X-Debbugs-Cc: hert...@debian.org

I saw this in my logs:
mars 04 20:22:14 t14-buxy isenkramd.desktop[3020]: Traceback (most recent call 
last):
mars 04 20:22:14 t14-buxy isenkramd.desktop[3020]:   File "/usr/bin/isenkramd", 
line 400, in uevent_callback
mars 04 20:22:14 t14-buxy isenkramd.desktop[3020]: if not 
is_pkg_installed(pkg):
mars 04 20:22:14 t14-buxy isenkramd.desktop[3020]:   File "/usr/bin/isenkramd", 
line 340, in is_pkg_installed
mars 04 20:22:14 t14-buxy isenkramd.desktop[3020]: if 0 == line.find("ii "):
mars 04 20:22:14 t14-buxy isenkramd.desktop[3020]: TypeError: argument should 
be integer or bytes-like object, not 'str'

It looks like that the package was not fully tested in a Python 3 context
as this is a common failure when you mix binary content and text content.

Cheers,

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.0-3-amd64 (SMP w/16 CPU threads)
Kernel taint flags: TAINT_WARN
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages isenkram depends on:
ii  gir1.2-gtk-3.0 3.24.24-3
ii  gir1.2-gudev-1.0   234-1
ii  gir1.2-notify-0.7  0.7.9-3
ii  gir1.2-packagekitglib-1.0  1.2.2-2
ii  isenkram-cli   0.45
ii  packagekit 1.2.2-2
ii  python33.9.1-1
ii  python3-gi 3.38.0-2

isenkram recommends no packages.

isenkram suggests no packages.

-- no debconf information

Bug#975666: marked as pending in sslsniff

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #975666 in sslsniff reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/pkg-security-team/sslsniff/-/commit/7b8c4de5bcb914f5e5f04b8f350da9ed3fd9


Merge branch 'fix_boost174' into 'debian/master'

Fix compilation against boost 1.74. (Closes: #975666)

See merge request pkg-security-team/sslsniff!1


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/975666

Bug#975666: marked as pending in sslsniff

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #975666 in sslsniff reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/pkg-security-team/sslsniff/-/commit/681b410b205cca548bdd4436e6a44d9c218bfb8f


Fix compilation against boost 1.74. (Closes: #975666)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/975666

Bug#976372: gnome-shell-xrdesktop: FTBFS and is not built against latest libmutter

[Raphaël Hertzog]

Package: gnome-shell-xrdesktop
Version: 3.36.1-2
Severity: serious
Justification: FTBFS
User: de...@kali.org
Usertags: origin-kali

I noticed gnome-shell-xrdesktop depends on libmutter-6-0 which is obsolete
in unstable. I wanted to rebuild the package to have it link against a
newer mutter version but the package failed to build for me:

PKG_CONFIG_PATH:
Called `/usr/bin/pkg-config --modversion xrdesktop-0.14` -> 1

CMake binary for MachineChoice.BUILD is not cached
None of 'CMAKE' are defined in the environment, not changing global flags.
CMake binary missing from cross or native file, or env var undefined.
Trying a default CMake fallback at cmake
Did not find CMake 'cmake'
Found CMake: NO
No CMake binary for machine 0 not found. Giving up.
Run-time dependency xrdesktop-0.14 found: NO (tried pkgconfig)

../meson.build:107:0: ERROR: Dependency "xrdesktop-0.14" not found, tried 
pkgconfig
dh_auto_configure: error: cd obj-x86_64-linux-gnu && LC_ALL=C.UTF-8 meson .. 
--wrap-mode=nodownload --buildtype=plain --prefix=/usr --sysconfdir=/etc 
--localstatedir=/var --libdir=lib/x86_64-linux-gnu --libdir=/usr/lib 
-Dbash_completion=true -Denable-networkmanager=yes -Denable-systemd=yes 
returned exit code 1
make[1]: *** [debian/rules:26: override_dh_auto_configure] Error 25
make[1]: Leaving directory '/<>'
make: *** [debian/rules:17: binary] Error 2
dpkg-buildpackage: error: debian/rules binary subprocess returned exit status 2

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-shell-xrdesktop depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.38.0-1
ii  evolution-data-server3.38.1-2
ii  gir1.2-accountsservice-1.0   0.6.55-3
ii  gir1.2-atspi-2.0 2.38.0-2
ii  gir1.2-freedesktop   1.66.1-1+b1
ii  gir1.2-gcr-3 3.38.0-1
ii  gir1.2-gdesktopenums-3.0 3.38.0-2
ii  gir1.2-gdm-1.0   3.38.2-1
ii  gir1.2-geoclue-2.0   2.5.6-1
ii  gir1.2-glib-2.0  1.66.1-1+b1
ii  gir1.2-gnomebluetooth-1.03.34.3-2
ii  gir1.2-gnomedesktop-3.0  3.38.2-1
ii  gir1.2-gtk-3.0   3.24.23-3
ii  gir1.2-gweather-3.0  3.36.1-1
ii  gir1.2-ibus-1.0  1.5.23-1
pn  gir1.2-mutter-6  
ii  gir1.2-nm-1.01.27.91-2
ii  gir1.2-nma-1.0   1.8.30-1
ii  gir1.2-pango-1.0 1.46.2-3
ii  gir1.2-polkit-1.00.105-29
ii  gir1.2-rsvg-2.0  2.50.2+dfsg-1
ii  gir1.2-soup-2.4  2.72.0-2
ii  gir1.2-upowerglib-1.00.99.11-2
ii  gjs  1.66.1-1
ii  gnome-backgrounds3.38.0-1
ii  gnome-settings-daemon3.38.1-2
pn  gnome-shell-common-xrdesktop 
ii  gsettings-desktop-schemas3.38.0-2
ii  libatk-bridge2.0-0   2.38.0-1
ii  libatk1.0-0  2.36.0-2
ii  libc62.31-4
ii  libcairo21.16.0-4
ii  libecal-2.0-13.38.1-2
pn  libedataserver-1.2-24
ii  libgcr-base-3-1  3.38.0-1
ii  libgdk-pixbuf2.0-0   2.40.0+dfsg-8
ii  libgirepository-1.0-11.66.1-1+b1
ii  libgjs0g 1.66.1-1
ii  libgles2 1.3.2-1
ii  libglib2.0-0 2.66.3-1
ii  libglib2.0-bin   2.66.3-1
ii  libgnome-autoar-0-0  0.2.4-2
ii  libgnome-desktop-3-193.38.2-1
ii  libgraphene-1.0-01.10.2-1
ii  libgstreamer1.0-01.18.1-1
ii  libgtk-3-0   3.24.23-3
pn  libgulkan-0.14-0 
ii  libical3 3.0.8-2
pn  libinputsynth-0.13-0 
ii  libjson-glib-1.0-0   1.6.0-1
pn  libmutter-6-0
ii  libnm0   

Bug#975519: marked as pending in scapy

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #975519 in scapy reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/pkg-security-team/scapy/-/commit/b8fccb8bb8ed36a05762834b8182bbbd117a28b4


Add support for Python 3.9

Closes: #975519


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/975519

Bug#972858: marked as pending in zim

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #972858 in zim reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/debian/zim/-/commit/add9be012d00c3ccdc91d40354a29e4b2352ee2a


Override XDG_RUNTIME_DIR to an existing path

The value of that variable is not reliable on build daemons:
see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842565

Closes: #972858


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/972858

Bug#968336: marked as pending in aflplusplus

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #968336 in aflplusplus reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/pkg-security-team/aflplusplus/-/commit/1a19a9adfbeafa55d9bad4dd2e7814267a0b5a09


Add patch to not build anything with -march=native

Closes: #968336


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/968336

Bug#968694: marked as pending in python-django-jsonfield

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #968694 in python-django-jsonfield reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/python-team/modules/python-django-jsonfield/-/commit/efdd4828f5e38ddd15085cc3d1d2098ca7dad86e


Add build-depends on python3-pyscopg2 for test suite

Closes: #968694


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/968694

Bug#964774: freetype: libfreetype6-udeb should not depend on non-udeb libbrotli1

[Raphaël Hertzog]

Source: freetype
Version: 2.10.2+dfsg-2
Severity: serious
Tags: d-i
Justification: breaks d-i
User: de...@kali.org
Usertags: origin-kali

Builds of the debian-installer are failing lately due to changes in
libfreetype6-udeb. They are failing with:

The following packages have unmet dependencies:
 libfreetype6-udeb : Depends: libbrotli1 (>= 1.0.7) but it is not installable

An udeb is not allowed to depend on non-udeb packages and there's no
udeb package for libbrotli1.

Please either disable the feature that requires brotli support in the
udeb (meaning that you have to implement a double build like in some other
packages providing udebs, see openssh or cairo) or work with the brotli
maintainer to add the required udeb.

If you go for the latter, it would be nice to disable the brotli
dependency entirely until the udeb has been added and is gone through
NEW.

We don't think that support of WOFF fonts is important in the context of
debian-installer so after a quick chat in #debian-boot, the consensus
is leaning towards disabling that dependency in a separate udeb build.

Cheers,

-- System Information:
Debian Release: bullseye/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#962995: marked as pending in testssl.sh

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #962995 in testssl.sh reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/pkg-security-team/testssl.sh/-/commit/cd6c5e008880f1ac51901167b11e7a91bc136fd5


d/control: Update binary dependencies.
Closes: #962995


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/962995

Bug#936273: marked as pending in capstone

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #936273 in capstone reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/pkg-security-team/capstone/-/commit/905a53a68b64173c102754c8aa5015004b4ea8b3


Import Debian changes 4.0.1+really+3.0.5-1.1

capstone (4.0.1+really+3.0.5-1.1) unstable; urgency=medium

  * Non-maintainer upload.
  * Drop python2 support; Closes: #936273


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/936273

Bug#956277: marked as pending in wifite

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #956277 in wifite reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/pkg-security-team/wifite/-/commit/40549d7cbaacfafa9b9196c7c6253ea408836880


Drop pyrit from autopkgtest deps

Closes: #956277


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/956277

Bug#955474: FTBFS: fatal error: stropts.h: No such file or directory

[Raphaël Hertzog]

Source: samba
Version: 2:4.11.5+dfsg-1
Severity: serious
Tags: ftbfs
Justification: fails to build from source (but built successfully in the past)
User: de...@kali.org
Usertags: origin-kali

Trying to rebuild samba in sid fails with:

[2422/4221] Linking bin/default/source4/kdc/libdb-glue.so
08:56:24 runner ['/usr/bin/gcc', 
'-Wl,--version-script=/<>/bin/default/source4/kdc/db-glue.vscript',
 '-shared', '-Wl,-h,libdb-glue.so.0', 
'source4/librpc/gen_ndr/ndr_irpc_c.c.18.o', 'source4/kdc/db-glue.c.18.o', 
'source4/kdc/sdb.c.10.o', 
'-o/<>/bin/default/source4/kdc/libdb-glue.so', '-Wl,-Bstatic', 
'-Wl,-Bdynamic', '-L/<>/bin/default/nsswitch', 
'-L/<>/bin/default/libcli/registry', 
'-L/<>/bin/default/source4/libcli/ldap', 
'-L/<>/bin/default/nsswitch/libwbclient', 
'-L/<>/bin/default/libcli/dns', 
'-L/<>/bin/default/libds/common', 
'-L/<>/bin/default/lib/socket', 
'-L/<>/bin/default/libcli/cldap', 
'-L/<>/bin/default/libcli/nbt', 
'-L/<>/bin/default/source4/lib/socket', 
'-L/<>/bin/default/auth/gensec', 
'-L/<>/bin/default/lib/addns', 
'-L/<>/bin/default/libcli/smb', 
'-L/<>/bin/default/source4/lib/http', 
'-L/<>/bin/default/source4/libcli', 
'-L/<>/bin/default/lib/dbwrap', 
'-L/<>/bin/default/source4/lib/events', 
'-L/<>/bin/default/third_party/aesni-intel', 
'-L/<>/bin/default/lib/tdb_wrap', 
'-L/<>/bin/default/source4/auth/kerberos', 
'-L/<>/bin/default/lib/ldb-samba', 
'-L/<>/bin/default/libcli/auth', 
'-L/<>/bin/default/libcli/ldap', 
'-L/<>/bin/default/lib/krb5_wrap', 
'-L/<>/bin/default/libcli/util', 
'-L/<>/bin/default/source3', 
'-L/<>/bin/default/source4/cluster', 
'-L/<>/bin/default/lib', 
'-L/<>/bin/default/lib/util', 
'-L/<>/bin/default/librpc', 
'-L/<>/bin/default/lib/param', 
'-L/<>/bin/default/source4/librpc', 
'-L/<>/bin/default/auth/credentials', 
'-L/<>/bin/default/source4/dsdb', 
'-L/<>/bin/default/source4/heimdal_build', 
'-L/<>/bin/default/lib/replace', 
'-L/<>/bin/default/source4/lib/messaging', 
'-L/<>/bin/default/auth', 
'-L/<>/bin/default/libcli/security', '-L/usr/local/lib', 
'-L/usr/local/lib', '-lsamba-security', '-lcommon-auth', '-lMESSAGING', 
'-lreplace', '-lcom_err-samba4', '-lsamdb', '-lsamba-credentials', 
'-lndr-samba4', '-lkrb5-samba4', '-ldcerpc', '-lsamba-hostconfig', '-lndr', 
'-lMESSAGING-SEND', '-lserver-id-db', '-lsamba-sockets', '-lsamba-util', 
'-lndr-samba', '-lsamba-debug', '-ltalloc-report', '-lcluster', 
'-lmessages-util', '-lroken-samba4', '-lsamba-errors', '-lkrb5samba', 
'-lcli-ldap-common', '-lsamdb-common', '-lcliauth', '-lldbsamba', '-lauthkrb5', 
'-ltdb-wrap', '-lutil-tdb', '-laesni-intel', '-levents', '-lgssapi-samba4', 
'-ldbwrap', '-lndr-standard', '-lndr-krb5pac', '-lndr-nbt', '-lasn1-samba4', 
'-lheimbase-samba4', '-lwind-samba4', '-lhcrypto-samba4', '-lhx509-samba4', 
'-lsmbclient-raw', '-lhttp', '-lcli-smb-common', '-laddns', '-lgensec', 
'-ltevent-util', '-ldcerpc-samba', '-lnetif', '-lcli-nbt', '-ldcerpc-binding', 
'-lcli-cldap', '-lserver-role', '-lmessages-dgm', '-linterfaces', 
'-lsocket-blocking', '-liov-buf', '-lgenrand', '-lutil-setid', '-ltime-basic', 
'-lsys-rw', '-lasn1util', '-lflag-mapping', '-lCHARSET3', '-lsamba3-util', 
'-lsmbconf', '-lsmb-transport', '-lclidns', '-lsamba-modules', '-lwbclient', 
'-lcli-ldap', '-lmsghdr', '-lutil-reg', '-lsmbd-shim', '-lwinbind-client', 
'-lcap', '-lcups', '-lldap', '-llber', '-lnsl', '-lutil', '-lresolv', '-lz', 
'-lsystemd', '-lgnutls', '-lpthread', '-lldb', '-ltalloc', '-ljansson', 
'-ltalloc', '-lcrypt', '-lbsd', '-ltdb', '-ltevent', '-ltalloc', '-ldl', 
'-Wl,-z,relro', '-Wl,-z,now', '-Wl,--as-needed', '-Wl,-z,relro,-z,now', 
'-Wl,-no-undefined', '-Wl,--export-dynamic', '-Wl,--as-needed']
In file included from ../../source4/heimdal_build/krb5-types.h:8,
 from ../../source4/heimdal/lib/krb5/krb5.h:42,
 from ../../lib/replace/system/kerberos.h:33,
 from ../../auth/credentials/pycredentials.c:35:
../../lib/replace/system/network.h:91:10: fatal error: stropts.h: No such file 
or directory
   91 | #include 
  |  ^~~
compilation terminated.


What is weird is that this include is protected by #ifdef:

#ifdef HAVE_STROPTS_H
#include 
#endif

And that the configure log shows its absence:
Checking for header stropts.h: 08:49:46 runner 
['/usr/bin/gcc', '-D_SAMBA_BUILD_=4', '-DHAVE_CONFIG_H=1', '-g', '-O2', 
'-fdebug-prefix-map=/<>=.', '-fstack-protector-strong', 
'-Wformat', '-Werror=format-security', '-MMD', '-D_GNU_SOURCE=1', 
'-D_XOPEN_SOURCE_EXTENDED=1', '../../test.c', '-c', 
'-o/<>/bin/.conf_check_31eea1eb63d757d192f105191215e3cc/testbuild/default/test.c.1.o',
 '-Wdate-time', '-D_FORTIFY_SOURCE=2']
no 


-- System Information:
Debian Release: bullseye/sid
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP 

Bug#950127: marked as pending in pyside2

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #950127 in pyside2 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/qt-kde-team/qt/pyside2/commit/8a9d202032d706e916d562cb7292e4c86f8f111b


Add test dependency on python3-all to fix autopkgtests

These tests fail because the test dependencies are always buggy when there
is more than one supported version of python in the archive; the tests
invoke py3versions to enumerate the versions of python to test against, but
there is no test dependency on python3-all, so no version of python other
than the default python3 is guaranteed to be installed.

Closes: #950127


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/950127

Bug#949339: marked as pending in pyside2

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #949339 in pyside2 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/qt-kde-team/qt/pyside2/commit/7ce804e315f1f3b24768429f92bf10aa97ea1545


Add missing Breaks/Replaces for upgrading from previous version

Closes: #949339


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/949339

Bug#948418: marked as pending in pyrit

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #948418 in pyrit reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/pkg-security-team/pyrit/commit/be704dc56b9e2736d967cc402ce0257664de0e37


Fix FTBFS by trying to help the join

Closes: #948418


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/948418

Bug#946886: rustc: FTBFS on mips/mipsel with test failures in sync::atomic::Atomic*

[Raphaël Hertzog]

Source: rustc
Version: 1.39.0+dfsg1-3
Severity: serious
Justification: FTBFS

rustc is not migrating to testing (and thus holding up migration of the
latest thunderbird) because it fails to build on mipsel and mips64el with
too many test failures:

https://buildd.debian.org/status/fetch.php?pkg=rustc=mips64el=1.39.0%2Bdfsg1-3=1575833439=0
 Debian rustc test report 
Specific test failures:
command did not execute successfully: 
"/<>/build/mips64el-unknown-linux-gnuabi64/stage0-tools-bin/tidy" 
"/<>/src" "/usr/bin/cargo" "--verbose"
test [ui] ui/statics/static-function-pointer.rs ... FAILED
command did not execute successfully: 
"/<>/build/mips64el-unknown-linux-gnuabi64/stage0-tools-bin/compiletest"
 "--compile-lib-path" 
"/<>/build/mips64el-unknown-linux-gnuabi64/stage2/lib" 
"--run-lib-path" 
"/<>/build/mips64el-unknown-linux-gnuabi64/stage2/lib/rustlib/mips64el-unknown-linux-gnuabi64/lib"
 "--rustc-path" 
"/<>/build/mips64el-unknown-linux-gnuabi64/stage2/bin/rustc" 
"--src-base" "/<>/src/test/ui" "--build-base" 
"/<>/build/mips64el-unknown-linux-gnuabi64/test/ui" "--stage-id" 
"stage2-mips64el-unknown-linux-gnuabi64" "--mode" "ui" "--target" 
"mips64el-unknown-linux-gnuabi64" "--host" "mips64el-unknown-linux-gnuabi64" 
"--llvm-filecheck" "/usr/lib/llvm-8/bin/FileCheck" "--linker" 
"mips64el-linux-gnuabi64-gcc" "--host-rustcflags" "-Crpath -O -Cdebuginfo=0 
-Zunstable-options  
-Lnative=/<>/build/mips64el-unknown-linux-gnuabi64/native/rust-test-helpers"
 "--target-rustcflags" "-Crpath -O -Cdebuginfo=0 -Zunstable-options  
-Lnative=/<>/build/mips64el-unknown-linux-gnuabi64/native/rust-test-helpers"
 "--docck-python" "/usr/bin/python2.7" "--lldb-python" "/usr/bin/python2.7" 
"--gdb" "/usr/bin/gdb" "--verbose" "--llvm-version" "8.0.1\n" "--system-llvm" 
"--cc" "" "--cxx" "" "--cflags" "" "--llvm-components" "" "--llvm-cxxflags" "" 
"--adb-path" "adb" "--adb-test-dir" "/data/tmp/work" "--android-cross-path" ""
test [debuginfo-gdb+lldb] debuginfo/lexical-scope-in-unconditional-loop.rs ... 
FAILED
test [debuginfo-gdb+lldb] debuginfo/pretty-uninitialized-vec.rs ... FAILED
command did not execute successfully: 
"/<>/build/mips64el-unknown-linux-gnuabi64/stage0-tools-bin/compiletest"
 "--compile-lib-path" 
"/<>/build/mips64el-unknown-linux-gnuabi64/stage2/lib" 
"--run-lib-path" 
"/<>/build/mips64el-unknown-linux-gnuabi64/stage2/lib/rustlib/mips64el-unknown-linux-gnuabi64/lib"
 "--rustc-path" 
"/<>/build/mips64el-unknown-linux-gnuabi64/stage2/bin/rustc" 
"--src-base" "/<>/src/test/debuginfo" "--build-base" 
"/<>/build/mips64el-unknown-linux-gnuabi64/test/debuginfo" 
"--stage-id" "stage2-mips64el-unknown-linux-gnuabi64" "--mode" 
"debuginfo-gdb+lldb" "--target" "mips64el-unknown-linux-gnuabi64" "--host" 
"mips64el-unknown-linux-gnuabi64" "--llvm-filecheck" 
"/usr/lib/llvm-8/bin/FileCheck" "--linker" "mips64el-linux-gnuabi64-gcc" 
"--host-rustcflags" "-Crpath -O -Cdebuginfo=0 -Zunstable-options  
-Lnative=/<>/build/mips64el-unknown-linux-gnuabi64/native/rust-test-helpers"
 "--target-rustcflags" "-Crpath -O -Cdebuginfo=0 -Zunstable-options  
-Lnative=/<>/build/mips64el-unknown-linux-gnuabi64/native/rust-test-helpers"
 "--docck-python" "/usr/bin/python2.7" "--lldb-python" "/usr/bin/python2.7" 
"--gdb" "/usr/bin/gdb" "--verbose" "--llvm-version" "8.0.1\n" "--system-llvm" 
"--cc" "" "--cxx" "" "--cflags" "" "--llvm-components" "" "--llvm-cxxflags" "" 
"--adb-path" "adb" "--adb-test-dir" "/data/tmp/work" "--android-cross-path" ""
test num/mod.rs - sync::atomic::AtomicI16::fetch_max (line 49) ... FAILED
test num/mod.rs - sync::atomic::AtomicI16::fetch_max (line 60) ... FAILED
test num/mod.rs - sync::atomic::AtomicI16::fetch_min (line 49) ... FAILED
test num/mod.rs - sync::atomic::AtomicI16::fetch_min (line 62) ... FAILED
test num/mod.rs - sync::atomic::AtomicI32::fetch_max (line 49) ... FAILED
test num/mod.rs - sync::atomic::AtomicI32::fetch_max (line 60) ... FAILED
test num/mod.rs - sync::atomic::AtomicI32::fetch_min (line 49) ... FAILED
test num/mod.rs - sync::atomic::AtomicI32::fetch_min (line 62) ... FAILED
test num/mod.rs - sync::atomic::AtomicI64::fetch_max (line 49) ... FAILED
test num/mod.rs - sync::atomic::AtomicI64::fetch_max (line 60) ... FAILED
test num/mod.rs - sync::atomic::AtomicI64::fetch_min (line 49) ... FAILED
test num/mod.rs - sync::atomic::AtomicI64::fetch_min (line 62) ... FAILED
test num/mod.rs - sync::atomic::AtomicI8::fetch_max (line 49) ... FAILED
test num/mod.rs - sync::atomic::AtomicI8::fetch_max (line 60) ... FAILED
test num/mod.rs - sync::atomic::AtomicI8::fetch_min (line 49) ... FAILED
test num/mod.rs - sync::atomic::AtomicI8::fetch_min (line 62) ... FAILED
test num/mod.rs - sync::atomic::AtomicIsize::fetch_max (line 49) ... FAILED
test num/mod.rs - sync::atomic::AtomicIsize::fetch_max (line 60) ... FAILED
test num/mod.rs - sync::atomic::AtomicIsize::fetch_min (line 49) ... FAILED
test num/mod.rs - sync::atomic::AtomicIsize::fetch_min (line 62) ... FAILED
test num/mod.rs - 

Bug#946267: cpio -i --no-absolute-filenames breaks symlinks starting with / or /..

[Raphaël Hertzog]

Package: cpio
Version: 2.13+dfsg-1
Severity: serious
User: de...@kali.org
Usertags: origin-kali
Control: affects -1 live-build

live-build is able to repack the installer initrd to add custom files.
We use that feature in Kali and since last week, when cpio 2.13+dfsg-1
reached testing (and thus our ISO build chroots), our installer images are
badly broken and we get errors like “/usr/share/debconf/frontend: not
found” or “expr: not found”.

After a diffoscope run to compare the original and repacked initrd I saw
things like this:

│ │ ├── etc/mtab
│ │ │┄ symlink
│ │ │ @@ -1 +1 @@
│ │ │ -destination: /proc/mounts
│ │ │ +destination: proc/mounts
│ │ ├── usr/bin/expr
│ │ │┄ symlink
│ │ │ @@ -1 +1 @@
│ │ │ -destination: /bin/busybox
│ │ │ +destination: bin/busybox
│ │ ├── usr/share/debconf/frontend
│ │ │┄ symlink
│ │ │ @@ -1 +1 @@
│ │ │ -destination: ../../lib/cdebconf/debconf
│ │ │ +destination: lib/cdebconf/debconf

So the target of the symlinks have been modified. live-build uses
cpio in the following way to unpack the initrd and repack it:

# mkdir temp
# cd temp
# cpio -i --make-directories --no-absolute-filenames /somewhere/initrd-repacked

(see
https://salsa.debian.org/live-team/live-build/blob/master/scripts/build/installer_debian-installer#L743
for actual code)

So it uses "--no-absolute-filenames" just to ensure that the files are
extracted in the current directory and to not extract them in the
root directory (in case the archive contains absolute filenames), but it
really doesn't want cpio to change the contents of the symlinks that it
extracts!

I looked in the manual page and could not find any option that would
result in the desired behavior. As this is is breaking live-build, I'm
putting this as a serious bug for now.

This regression is because the upstream fix for CVE-2015-1197 mangles
the symlinks in this way:
https://git.savannah.gnu.org/cgit/cpio.git/commit/?id=45b0ee2b407913c533f7ded8d6f8cbeec16ff6ca

The original SuSE patch that we used was smarter, it would not change the
symlinks but it would refuse to extract over a symlink:
https://bugzilla.suse.com/attachment.cgi?id=599460=diff

FYI I'm putting the author of the above commit in copy so that he can
chime in and be aware of this regression.

Cheers,

-- System Information:
Debian Release: bullseye/sid
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-6-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages cpio depends on:
ii  libc6  2.29-3

cpio recommends no packages.

Versions of packages cpio suggests:
pn  libarchive1  

-- no debconf information

Bug#945174: marked as pending in pyside2

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #945174 in pyside2 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/qt-kde-team/qt/pyside2/commit/34a0821249bea72460c0d355ac40c718d338b941


Drop libqt5datavisualization5-dev on mipsel and mpis64el (Closes: #945174)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/945174

Bug#942161: marked as pending in impacket

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #942161 in impacket reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/python-team/modules/impacket/commit/db57eedd4cd2077b262234b4d58a1ab283516f92


Expand copyright file to cover more copyright notices

Closes: #942161


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/942161

Bug#942487: rust-web-sys: Provides header is more than 256K long and it breaks reprepro...

[Raphaël Hertzog]

Source: rust-web-sys
Version: 0.3.28-1
Severity: critical
Justification: breaks unrelated software
User: de...@kali.org
Usertags: origin-kali

$ apt-cache show librust-web-sys-dev|grep ^Provides:|wc -c
277998

This is a serious abuse of the Provides header... for a package that
provides 719 files.

And it breaks unrelated software processing the Debian archive, namely
reprepro:
Error parsing ./lists/unstable_unstable_main_arm64_Packages line 914113: 
Ridiculous long (>= 256K) control chunk!

For this reason, I'm going to NMU the package and disable/reduce the Provides
field until you find a reasonable solution.

Cheers,

-- System Information:
Debian Release: bullseye/sid
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 5.2.0-3-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#942070: gnome-shell-extension-workspaces-to-dock: Must be updated to work with GNOME 3.34

[Raphaël Hertzog]

Package: gnome-shell-extension-workspaces-to-dock
Version: 51-1
Severity: grave
Tags: upstream
Justification: renders package unusable
User: de...@kali.org
Usertags: origin-kali

Please package version 52 that is documented to work with GNOME Shell
3.34.

The current version can be installed and loaded but it entirely breaks the
activities overview.

Thank you.

-- System Information:
Debian Release: bullseye/sid
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-shell-extension-workspaces-to-dock depends on:
ii  gnome-shell  3.34.0-2

gnome-shell-extension-workspaces-to-dock recommends no packages.

gnome-shell-extension-workspaces-to-dock suggests no packages.

Bug#932834: FTBFS: relocation R_X86_64_32 against symbol `PyVersion_Type' can not be used when making a shared object; recompile with -fPIC

[Raphaël Hertzog]

Source: python-apt
Version: 1.8.4
Severity: serious
Justification: FTBFS
User: de...@kali.org
Usertags: origin-kali

Trying to rebuild python-apt in unstable currently fails with:

x86_64-linux-gnu-g++ -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions 
-Wl,-z,relro -specs=/usr/share/dpkg/no-pie-link.specs -Wl,-z,relro -Wl,-z,now 
-g -O2 -fdebug-prefix-map=/<>=. 
-specs=/usr/share/dpkg/no-pie-compile.specs -fstack-protector-strong -Wformat 
-Werror=format-security -Wno-write-strings -DDATE="Mar 11 2019" 
-DTIME="11:49:18" -Wdate-time -D_FORTIFY_SOURCE=2 
build/temp.linux-x86_64-3.7/python/acquire.o 
build/temp.linux-x86_64-3.7/python/acquire-item.o 
build/temp.linux-x86_64-3.7/python/apt_pkgmodule.o 
build/temp.linux-x86_64-3.7/python/cache.o 
build/temp.linux-x86_64-3.7/python/cachegroup.o 
build/temp.linux-x86_64-3.7/python/cdrom.o 
build/temp.linux-x86_64-3.7/python/configuration.o 
build/temp.linux-x86_64-3.7/python/depcache.o 
build/temp.linux-x86_64-3.7/python/generic.o 
build/temp.linux-x86_64-3.7/python/hashes.o 
build/temp.linux-x86_64-3.7/python/hashstring.o 
build/temp.linux-x86_64-3.7/python/hashstringlist.o 
build/temp.linux-x86_64-3.7/python/indexfile.o 
build/temp.linux-x86_64-3.7/python/lock.o 
build/temp.linux-x86_64-3.7/python/metaindex.o 
build/temp.linux-x86_64-3.7/python/orderlist.o 
build/temp.linux-x86_64-3.7/python/pkgmanager.o 
build/temp.linux-x86_64-3.7/python/pkgrecords.o 
build/temp.linux-x86_64-3.7/python/pkgsrcrecords.o 
build/temp.linux-x86_64-3.7/python/policy.o 
build/temp.linux-x86_64-3.7/python/progress.o 
build/temp.linux-x86_64-3.7/python/python-apt-helpers.o 
build/temp.linux-x86_64-3.7/python/sourcelist.o 
build/temp.linux-x86_64-3.7/python/string.o 
build/temp.linux-x86_64-3.7/python/tag.o -lapt-pkg -o 
build/lib.linux-x86_64-3.7/apt_pkg.cpython-37m-x86_64-linux-gnu.so
/usr/bin/ld: /tmp/ccZYGg3M.ltrans0.ltrans.o: relocation R_X86_64_32 against 
symbol `PyVersion_Type' can not be used when making a shared object; recompile 
with -fPIC
/usr/bin/ld: /tmp/ccZYGg3M.ltrans1.ltrans.o: relocation R_X86_64_32 against 
symbol `PyPolicy_Type' can not be used when making a shared object; recompile 
with -fPIC
/usr/bin/ld: /tmp/ccZYGg3M.ltrans2.ltrans.o: relocation R_X86_64_32 against 
symbol `PyAcquire_Type' can not be used when making a shared object; recompile 
with -fPIC
/usr/bin/ld: final link failed: nonrepresentable section on output
collect2: error: ld returned 1 exit status
error: command 'x86_64-linux-gnu-g++' failed with exit status 1
dh_auto_build: python3.7 setup.py build --force returned exit code 1
make[1]: *** [debian/rules:19: override_dh_auto_build] Error 255
make[1]: Leaving directory '/<>'
make: *** [debian/rules:16: build] Error 2
dpkg-buildpackage: error: debian/rules build subprocess returned exit status 2

Build finished at 2019-07-23T16:52:03Z


-- System Information:
Debian Release: bullseye/sid
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

-- no debconf information

Bug#930929: libvirt: is no longer able to use kvm

[Raphaël Hertzog]

Source: libvirt
Version: 5.0.0-4
Severity: serious

For a few days/weeks (I'm not sure when it started exactly), I can no
longer run my VM with virt-manager.

On startup of libvirtd I have many messages like this one (one for each VM
I guess):
libvirtd[8281]: invalid argument: could not find capabilities for arch=x86_64 
domaintype=kvm 

When I try to start a VM I see this in the logs of libvirtd:
libvirtd[12569]: Unable to read from monitor: Connexion ré-initialisée par le 
correspondant
libvirtd[12569]: internal error: qemu unexpectedly closed the monitor: Could 
not access KVM kernel module: Permission denied
 2019-06-22T17:07:23.635870Z qemu-system-x86_64: failed to 
initialize KVM: Permission denied
libvirtd[12569]: internal error: process exited while connecting to monitor: 
Could not access KVM kernel module: Permission denied
 2019-06-22T17:07:23.635870Z qemu-system-x86_64: failed to 
initialize KVM: Permission denied

But I do have /dev/kvm and I have hardware virtualization enabled in the
BIOS.

$ ls -al /dev/kvm
crw-rw+ 1 root root 10, 232 juin  22 19:07 /dev/kvm
$ getfacl /dev/kvm
# file: dev/kvm
# owner: root
# group: root
user::rw-
user:rhertzog:rw-
group::---
mask::rw-
other::---

And I do have the required kernel modules:
$ lsmod|grep kvm
kvm_intel 245760  0
kvm   724992  1 kvm_intel
irqbypass  16384  1 kvm

I also have qemu-kvm installed:
$ dpkg -l qemu*|grep ^ii
ii  qemu-kvm   1:3.1+dfsg-8 amd64QEMU Full virtualization on 
x86 hardware
ii  qemu-system-common 1:3.1+dfsg-8 amd64QEMU full system emulation 
binaries (common files)
ii  qemu-system-data   1:3.1+dfsg-8 all  QEMU full system emulation 
(data files)
ii  qemu-system-gui1:3.1+dfsg-8 amd64QEMU full system emulation 
binaries (user interface and audio support)
ii  qemu-system-x861:3.1+dfsg-8 amd64QEMU full system emulation 
binaries (x86)
ii  qemu-user  1:3.1+dfsg-8 amd64QEMU user mode emulation 
binaries
ii  qemu-user-static   1:3.1+dfsg-8 amd64QEMU user mode emulation 
binaries (static version)
ii  qemu-utils 1:3.1+dfsg-8 amd64QEMU utilities

I removed virtualbox and rebooted to make sure it's not a bad interaction but 
it did not help.
I don't know what else I should look into.

-- System Information:
Debian Release: 10.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.19.0-5-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#929469: systemd-networkd: systemd-networkd: fails with "could not set address: Permission denied"

[Raphaël Hertzog]

Package: systemd
Version: 241-3
Severity: serious
File: systemd-networkd
User: de...@kali.org
Usertags: origin-kali

I upgraded an (OVH) dedicated server to Debian buster with systemd 241-3 and
while it rebooted correctly, the network did not came back. Looking into
the logs I saw the following messages:

May 20 12:37:10 euterpe systemd-networkd[756]: eno3: Could not bring up 
interface: Invalid argument
May 20 12:37:14 euterpe systemd-networkd[756]: eno3: Gained carrier
May 20 12:37:14 euterpe systemd-networkd[756]: eno3: could not set address: 
Permission denied

The configuration in use is the following:
$ cat /etc/systemd/network/50-default.network
# This file sets the IP configuration of the primary (public) network device.
# You can also see this as "OSI Layer 3" config.
# It was created by the OVH installer, please be careful with modifications.
# Documentation: man systemd.network or 
https://www.freedesktop.org/software/systemd/man/systemd.network.html

[Match]
MACAddress=ac:1f:6b:67:cd:e8

[Network]
Description=network interface on public network, with default route
DHCP=no
Address=54.39.104.6/24
Gateway=54.39.104.254
#IPv6AcceptRA=false
NTP=ntp.ovh.net
DNS=127.0.0.1
DNS=213.186.33.99
DNS=2001:41d0:3:163::1
Gateway=2607:5300:0203:39ff:ff:ff:ff:ff

[Address]
Address=2607:5300:0203:3906::/64

[Route]
Destination=2607:5300:0203:39ff:ff:ff:ff:ff
Scope=link

$ cat /etc/systemd/network/50-public-interface.link
# This file configures the relation between network device and device name.
# You can also see this as "OSI Layer 2" config.
# It was created by the OVH installer, please be careful with modifications.
# Documentation: man systemd.link or 
https://www.freedesktop.org/software/systemd/man/systemd.link.html

[Match]
MACAddress=ac:1f:6b:67:cd:e8

[Link]
Description=network interface on public network, with default route
MACAddressPolicy=persistent
NamePolicy=kernel database onboard slot path mac
#Name=eth0  # name under which this interface is known under OVH rescue 
system
#Name=eno3  # name under which this interface is probably known by systemd

The ethernet card is the following:
$ lspci -v
[...]
03:00.0 Ethernet controller: Intel Corporation Ethernet Connection X552/X557-AT 
10GBASE-T
Subsystem: Super Micro Computer Inc Ethernet Connection X552/X557-AT 
10GBASE-T
Flags: bus master, fast devsel, latency 0, IRQ 11
Memory at 383fffc0 (64-bit, prefetchable)
Memory at 383fffe04000 (64-bit, prefetchable)
Expansion ROM at fb18 [disabled]
Capabilities: [40] Power Management version 3
Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
Capabilities: [70] MSI-X: Enable+ Count=64 Masked-
Capabilities: [a0] Express Endpoint, MSI 00

03:00.1 Ethernet controller: Intel Corporation Ethernet Connection X552/X557-AT 
10GBASE-T
Subsystem: Super Micro Computer Inc Ethernet Connection X552/X557-AT 
10GBASE-T
Flags: bus master, fast devsel, latency 0, IRQ 10
Memory at 383fffa0 (64-bit, prefetchable)
Memory at 383fffe0 (64-bit, prefetchable)
Expansion ROM at fb10 [disabled]
Capabilities: [40] Power Management version 3
Capabilities: [50] MSI: Enable- Count=1/1 Maskable+ 64bit+
Capabilities: [70] MSI-X: Enable+ Count=64 Masked-
Capabilities: [a0] Express Endpoint, MSI 00
[...]

It is handled by the "ixgbe" kernel driver:
$ grep ixgbe /var/log/kern.log:
May 23 21:19:38 euterpe kernel: [1.896199] ixgbe: Intel(R) 10 Gigabit PCI 
Express Network Driver - version 5.1.0-k
May 23 21:19:38 euterpe kernel: [1.908671] ixgbe: Copyright (c) 1999-2016 
Intel Corporation.
May 23 21:19:38 euterpe kernel: [3.471556] ixgbe :03:00.0: Multiqueue 
Enabled: Rx Queue count = 8, Tx Queue count = 8 XDP Queue count = 0
May 23 21:19:38 euterpe kernel: [3.619415] ixgbe :03:00.0: MAC: 5, PHY: 
7, PBA No: 023A00-000
May 23 21:19:38 euterpe kernel: [3.628980] ixgbe :03:00.0: 
ac:1f:6b:67:cd:e8
May 23 21:19:38 euterpe kernel: [3.689232] ixgbe :03:00.0: Intel(R) 10 
Gigabit Network Connection
May 23 21:19:38 euterpe kernel: [5.487530] ixgbe :03:00.1: Multiqueue 
Enabled: Rx Queue count = 8, Tx Queue count = 8 XDP Queue count = 0
May 23 21:19:38 euterpe kernel: [5.627263] ixgbe :03:00.1: MAC: 5, PHY: 
7, PBA No: 023A00-000
May 23 21:19:38 euterpe kernel: [5.634459] ixgbe :03:00.1: 
ac:1f:6b:67:cd:e9
May 23 21:19:38 euterpe kernel: [5.696963] ixgbe :03:00.1: Intel(R) 10 
Gigabit Network Connection
May 23 21:19:38 euterpe kernel: [5.707134] ixgbe :03:00.1 eno4: renamed 
from eth1
May 23 21:19:38 euterpe kernel: [5.733678] ixgbe :03:00.0 eno3: renamed 
from eth0
May 23 21:19:39 euterpe kernel: [   22.934955] ixgbe :03:00.0: registered 
PHC device on eno3
May 23 21:19:43 euterpe kernel: [   27.453172] ixgbe :03:00.0 eno3: NIC 
Link is Up 1 Gbps, Flow Control: None


Trying to narrow 

Bug#919388: ubertooth: Replace pyside dependencies by pyside2 dependencies

[Raphaël Hertzog]

Source: ubertooth
Version: 2018.12.R1-1
Severity: serious
User: de...@kali.org
Usertags: origin-kali

The last release of ubertooth updated /usr/bin/ubertooth-specan-ui to use
PySide2 instead of PySide but the Recommends field has not been updated
accordingly:
$ apt-cache show ubertooth|grep Recommends
Recommends: ubertooth-firmware, python-pyside.qtcore, python-pyside.qtgui
$ grep PySide2 /usr/bin/ubertooth-specan-ui
from PySide2 import QtCore, QtGui, QtWidgets
from PySide2.QtCore import Qt, QPointF, QLineF

Please recommend "python-pyside2.qtcore, python-pyside2.qtgui,
python-pyside2.qtwidgets".

Thank you.

This bug report is triggered by Kali's work to get rid of pyside 1.x:
https://bugs.kali.org/view.php?id=4978

-- System Information:
Debian Release: buster/sid
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.18.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#917200: Bug #917200 in pyside2 marked as pending

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #917200 in pyside2 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below and you can check the diff of the fix at:

https://salsa.debian.org/qt-kde-team/qt/pyside2/commit/119cad4ba5eb09f0ce294cf4b4618fe830c56ba6


Do not build-depends on patchelf on mips64el (Closes: #917200)


(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/917200

Bug#904892: Bug #904892 in pyside2 marked as pending

[Raphaël Hertzog]

Control: tag -1 pending

Hello,

Bug #904892 in pyside2 reported by you has been fixed in the
Git repository and is awaiting an upload. You can see the commit
message below, and you can check the diff of the fix at:

https://salsa.debian.org/qt-kde-team/qt/pyside2/commit/7abffeb1c49861f61fccf57b77a2a0a84af1b375


Fix build with dpkg-buildpackage -A.

Pass the -a option to dh_listpackages so that it always lists the
packages that we care about (those that have a version suffix).

Closes: #904892



(this message was generated automatically)
-- 
Greetings

https://bugs.debian.org/904892

Bug#887062: raspi3-firmware: postinst fails, makes bad assumption about existence of /boot/firmware/

[Raphaël Hertzog]

Package: raspi3-firmware
Version: 1.20171201-2
Severity: serious
User: de...@kali.org
Usertags: origin-kali

My dailay builds of Kali armhf live images are now failing with this version of
raspi3-firmware with this error:

Setting up raspi3-firmware (1.20171201-2) ...
cp: cannot create regular file '/boot/firmware/bootcode.bin': No such file or 
directory
dpkg: error processing package raspi3-firmware (--configure):

I did not check the code but it looks like it assumes that /boot/firmware/ does 
exist
while it doesn't (at least not in the context of the chroot where the live
image is being built).

This was working fine a few days ago with the previous version that was in 
testing
(1.20171006-1, Kali is based on Debian Testing).

Cheers,

-- System Information:
Debian Release: buster/sid
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Bug#882172: marked as pending

[Raphaël Hertzog]

tag 882172 pending
thanks

Hello,

Bug #882172 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/pkg-security/aircrack-ng.git/commit/?id=c7f8001

---
commit c7f8001ca7002daba64f888552a53e546110ba70
Author: Raphaël Hertzog <hert...@debian.org>
Date:   Mon Nov 20 15:27:38 2017 +0100

Prepare for release to unstable

diff --git a/debian/changelog b/debian/changelog
index f1ef805..10e04fe 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,7 +1,8 @@
-aircrack-ng (1:1.2-0~rc4-4) UNRELEASED; urgency=medium
+aircrack-ng (1:1.2-0~rc4-4) unstable; urgency=medium
 
   * Team upload.
-  * debian/rules: override fix perms only for indep packages
+  * debian/rules: override dh_fixperms only for arch-indep packages.
+Closes: #882172
 
  -- Sophie Brun <sop...@freexian.com>  Mon, 20 Nov 2017 14:29:58 +0100
 

Bug#876948: FTBFS: fails to configure due to change in gcc -dumpversion output

[Raphaël Hertzog]

Source: exiv2
Version: 0.25-3.1
Severity: serious
Tags: patch
Justification: FTBFS

I am unable to rebuild exiv2 0.26 in experimental. The build fails on
dh_auto_configure. It turns out CMakeLists.txt tries to parse
g++ -dumpversion as a two component value but we currently get a single one:
$ g++ -dumpversion
7

This patch fixes the issue for me:
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -83,9 +83,8 @@ IF( MINGW OR UNIX )
 execute_process(COMMAND ${CMAKE_CXX_COMPILER} -dumpversion OUTPUT_VARIABLE 
GCC_VERSION)
 string(REGEX MATCHALL "[0-9]+" GCC_VERSION_COMPONENTS ${GCC_VERSION})
 list(GET GCC_VERSION_COMPONENTS 0 GCC_MAJOR)
-list(GET GCC_VERSION_COMPONENTS 1 GCC_MINOR)

-message(STATUS Compiler: ${COMPILER} " Major:" ${GCC_MAJOR} " Minor:" 
${GCC_MINOR})
+message(STATUS Compiler: ${COMPILER} " Major:" ${GCC_MAJOR} " Full version 
string:" ${GCC_VERSION})

 IF ( CYGWIN OR ( ${GCC_MAJOR} GREATER 5 ))
 ADD_DEFINITIONS( -std=gnu++98 ) # to support snprintf

But then I get another error due to missing symbols in 
debian/libexiv2-26.symbols.
But this is already tracked in #870873.

-- System Information:
Debian Release: buster/sid
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#875423: openssl: Please re-enable TLS 1.0 and TLS 1.1 (at least in testing)

[Raphaël Hertzog]

Source: openssl
Version: 1.1.0f-5
Severity: serious

Hello Kurt,

I looked back at the debian-devel discussion and it seems to me that
the majority of persons who expressed themselves (including Moritz Mühlenhoff
of the Debian security team) believe that buster should ship with TLS 1.0
and TLS 1.1 enabled.

Given this, I would like to request you to make sure that Debian testing
has a version of openssl with TLS 1.0 and TLS 1.1 enabled.

The rough consensus seems to be that it's ok for you to use Debian
unstable as a test-bed for your experiment to disable TLS 1.0 and TLS 1.1.

While that might not be practical to manage when you have to push an
update to testing, it's a burden that you should accept since you
believe that Debian experimental will not give enough exposure.

Please do listen to your fellow developers. Thank you.

Cheers,

PS: I'm filing this because I would like to not have to fork OpenSSL
for Kali. It's counter-productive to go too fast in deprecating old
protocols. You will only get less users using the official Debian
package with all the risks it involves.

Or at least I would like a system-wide flag (in a configuration file?) to
let me re-enable old protocols easily.

-- System Information:
Debian Release: buster/sid
  APT prefers oldoldstable
  APT policy: (500, 'oldoldstable'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.12.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), 
LANGUAGE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

-- no debconf information

Bug#853570: marked as pending

[Raphaël Hertzog]

tag 853570 pending
thanks

Hello,

Bug #853570 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

https://anonscm.debian.org/cgit/pkg-security/ncrack.git/commit/?id=f7b8d0e

---
commit f7b8d0e603ab8f0bcbc10a580816fc41267f2b11
Author: Raphaël Hertzog <hert...@debian.org>
Date:   Fri Aug 25 12:00:38 2017 +0200

Add patch to fix build with gcc 7

Closes: #853570

diff --git a/debian/changelog b/debian/changelog
index 3108e84..6aa8516 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ncrack (0.5-4) unstable; urgency=medium
+
+  * Team upload.
+  * Add patch to fix build with gcc 7. Closes: #853570
+
+ -- Raphaël Hertzog <hert...@debian.org>  Fri, 25 Aug 2017 11:59:41 +0200
+
 ncrack (0.5-3) unstable; urgency=medium
 
   * Team upload.

Bug#863267: marked as pending

[Raphaël Hertzog]

tag 863267 pending
thanks

Hello,

Bug #863267 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


https://anonscm.debian.org/cgit/python-modules/packages/python-django.git/commit/?id=53f0ab6

---
commit 53f0ab6240f3db21d0a770511081ab503dad669b
Author: Raphaël Hertzog <hert...@debian.org>
Date:   Mon May 29 17:00:50 2017 +0200

Accept again migrations depending on initial migrations that can be fake 
applied

Closes: #863267

diff --git a/debian/changelog b/debian/changelog
index c865858..d20ef7a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+python-django (1:1.10.7-2) UNRELEASED; urgency=medium
+
+  * Accept again migrations depending on initial migrations that
+can be fake applied. Closes: #863267
+
+ -- Raphaël Hertzog <hert...@debian.org>  Mon, 29 May 2017 16:59:51 +0200
+
 python-django (1:1.10.7-1) unstable; urgency=medium
 
   * New upstream security release:

Bug#855050: systemd: systemctl regressions, assertion failure with "--user enable" without HOME, and more

[Raphaël Hertzog]

Package: systemd
Version: 232-15
Severity: serious
User: de...@kali.org
Usertags: origin-kali

I opened this upstream: https://github.com/systemd/systemd/issues/5260
and I would like to get this fixed in Debian stretch. This is a regression
compared to former versions. 

Any invocation of "systemctl --user enable/disable" will fail if
XDG_RUNTIME_DIR is not set while it's strictly not required to do
its job.

The same pull request also fixes other regressions where you can't
properly track processes of a unit that has been removed or even
disable that dropped unit.

https://github.com/systemd/systemd/pull/5303

The commit I need most is this one:
https://github.com/systemd/systemd/pull/5303/commits/c3c7eb7d7debbe2b2e708fb8d4d11f06869e0d0a

(while Lennart wrongly tagged another commit as fixing my issue)

-- Package-specific info:

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  adduser 3.115
ii  libacl1 2.2.52-3
ii  libapparmor12.11.0-2
ii  libaudit1   1:2.6.7-1
ii  libblkid1   2.29.1-1
ii  libc6   2.24-9
ii  libcap2 1:2.25-1
ii  libcryptsetup4  2:1.7.3-3
ii  libgcrypt20 1.7.6-1
ii  libgpg-error0   1.26-2
ii  libidn111.33-1
ii  libip4tc0   1.6.0+snapshot20161117-5
ii  libkmod223-2
ii  liblz4-10.0~r131-2
ii  liblzma55.2.2-1.2
ii  libmount1   2.29.1-1
ii  libpam0g1.1.8-3.5
ii  libseccomp2 2.3.1-2.1
ii  libselinux1 2.6-3
ii  libsystemd0 232-15
ii  mount   2.29.1-1
ii  util-linux  2.29.1-1

Versions of packages systemd recommends:
ii  dbus1.10.14-1
ii  libpam-systemd  232-15

Versions of packages systemd suggests:
ii  policykit-10.105-17
pn  systemd-container  
pn  systemd-ui 

Versions of packages systemd is related to:
pn  dracut   
ii  initramfs-tools  0.127
ii  udev 232-15

-- no debconf information

Bug#855048: qgis: Ships an unsupported copy of QtWebkit in public Python path without any transition

[Raphaël Hertzog]

Source: qgis
Version: 2.14.11+dfsg-1
Severity: serious
Tags: security
User: de...@kali.org
Usertags: origin-kali

python-qt4 dropped support for QtWebkit it's because it was not
possible to provide security support for it (cf #784514). You disabled
that support in response to that bug.

But later you decided to re-enable it using an embedded copy, the net
result is that python-qgis is now shipping files that used to be
shipped by python-qt4:
/usr/lib/python2.7/dist-packages/PyQt4/QtWebKit.x86_64-linux-gnu.so

There are two problems:

1/ the upgrade is not safe, you can have conflicts with python-qt4 if
python-qgis is upgraded before python-qt4 (even more likely in Kali
where we kept QtWebkit a while longer in python-qt4)

2/ if QtWebkit cannot be suppported in python-qt4, it also cannot be
supported in python-qgis

IMO you should disable that embedded copy usage or at least get a prior
ack from the security team.

Cheers,

-- System Information:
Debian Release: 9.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#851497: marked as pending

[Raphaël Hertzog]

tag 851497 pending
thanks

Hello,

Bug #851497 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=pkg-security/hashcat.git;a=commitdiff;h=599a01d

---
commit 599a01d1ad38c632f902e27a204c52d4e9f6584a
Author: Raphaël Hertzog <hert...@debian.org>
Date:   Thu Jan 19 17:10:32 2017 +0100

Install libhashcat.so in /usr/lib/hashcat

It's not clean enough to be supported as a public library.

Also drop -march=native from the Makefile. Closes: #851497

diff --git a/debian/changelog b/debian/changelog
index a78fb0a..240ab0a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -13,6 +13,11 @@ hashcat (3.30-1) UNRELEASED; urgency=medium
   [ Lorenzo "Palinuro" Faletra ]
   * Include libhashcat.so in hashcat binary package.
 
+  [ Raphaël Hertzog ]
+  * Install libhashcat.so in /usr/lib/hashcat. It's not clean enough
+to be supported as a public library.
+  * Drop -march=native from the Makefile. Closes: #851497
+
  -- Samuel Henrique <samuel...@gmail.com>  Sat, 07 Jan 2017 14:55:20 -0200
 
 hashcat (3.20-1) unstable; urgency=medium

Bug#847207: uwsgi: FTBFS on multiple architectures with undefined references to uwsgi_* symbols

[Raphaël Hertzog]

Source: uwsgi
Version: 2.0.14+20161117-1
Severity: serious
Justification: FTBFS

Looking at https://buildd.debian.org/status/package.php?p=uwsgi I see that
the current package failed to build on armel, armhf, i386, mips, mipsel
(and more unofficial arhitectures). The arm64 build also got stalled
somehow...

All the errors are similar:

./plugins/emperor_pg/emperor_pg.c:75: undefined reference to `uwsgi_str_num'
./plugins/emperor_pg/emperor_pg.c:75: undefined reference to 
`uwsgi_emperor_simple_do'
./plugins/emperor_pg/emperor_pg.c:80: undefined reference to `ui'
./plugins/emperor_pg/emperor_pg.c:94: undefined reference to `emperor_stop'
./plugins/emperor_pg/emperor_pg.c:68: undefined reference to `uwsgi_str_num'
./plugins/emperor_pg/emperor_pg.c:69: undefined reference to `uwsgi_str_num'
./plugins/emperor_pg/emperor_pg.c:43: undefined reference to `uwsgi_log'
collect2: error: ld returned 1 exit status
using profile: debian/buildconf/uwsgi-plugin.ini
detected include path: ['/usr/lib/gcc/i686-linux-gnu/6/include', 
'/usr/local/include', '/usr/lib/gcc/i686-linux-gnu/6/include-fixed', 
'/usr/include/i386-linux-gnu', '/usr/include']
*** uWSGI building and linking plugin plugins/emperor_pg ***
i686-linux-gnu-gcc -pthread -fPIC -shared -o ./emperor_pg_plugin.so -I. -O2 
-I. -Wall -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64 -g -O2 
-fdebug-prefix-map=/«BUILDDIR»/uwsgi-2.0.14+20161117=. -fstack-protector-strong 
-Wformat -Werror=format-security -fno-strict-aliasing -Wextra 
-Wno-unused-parameter -Wno-missing-field-initializers -DUWSGI_HAS_IFADDRS 
-DUWSGI_ZLIB -DUWSGI_LOCK_USE_MUTEX -DUWSGI_EVENT_USE_EPOLL 
-DUWSGI_EVENT_TIMER_USE_TIMERFD -DUWSGI_EVENT_FILEMONITOR_USE_INOTIFY  
-DUWSGI_PCRE -DUWSGI_ROUTING -DUWSGI_CAP -DUWSGI_UUID 
-DUWSGI_VERSION="\"2.0.14-debian\"" -DUWSGI_VERSION_BASE="2" 
-DUWSGI_VERSION_MAJOR="0" -DUWSGI_VERSION_MINOR="14" 
-DUWSGI_VERSION_REVISION="0" -DUWSGI_VERSION_CUSTOM="\"debian\"" -DUWSGI_YAML 
-DUWSGI_LIBYAML -DUWSGI_JSON -DUWSGI_SSL -I/usr/include/libxml2 -DUWSGI_XML 
-DUWSGI_XML_LIBXML2 -DUWSGI_PLUGIN_DIR="\".\"" -Wmissing-prototypes 
-Wpointer-arith -Wendif-labels -Wmissing-format-attribute -Wformat-security 
-fno-strict-aliasing -fwrapv -fexcess-preci
 sion=standard -g -g -O2 -fstack-protector-strong -I/usr/include/mit-krb5 
-no-pie -I/usr/include/postgresql -Demperor_pg_plugin=emperor_pg_plugin 
plugins/emperor_pg/emperor_pg.c -Wl,-z,relro -L../../src/common -Wl,-z,now 
-Wl,--as-needed -L/usr/lib/mit-krb5 -L/usr/lib/i386-linux-gnu/mit-krb5 
-L/usr/lib/i386-linux-gnu -lpq
*** unable to build emperor_pg plugin ***
debian/rules:450: recipe for target 'debian/stamp-uwsgi-plugin-emperor-pg' 
failed
make: *** [debian/stamp-uwsgi-plugin-emperor-pg] Error 1


I have the feeling that this is all related to the "-Wl,-z,now" flag but I 
don't know what
is injecting this flag here... 

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#847095: libmongoclient-dev: Should not conflict with transitional mongodb-dev

[Raphaël Hertzog]

Package: libmongoclient-dev
Version: 1.1.2-4
Severity: serious
Tags: patch
Justification: piuparts failure

The package does not migrate to testing due to a piuparts failure:
https://piuparts.debian.org/sid/fail/mongodb-dev_2:1.1.2-4.log

Extract:
0m19.6s ERROR: Command failed (status=100): ['chroot', 
'/srv/piuparts.debian.org/tmp/tmpRj5FHY', 'apt-get', '-y', 'install', 
'mongodb-dev=2:1.1.2-4']
  Reading package lists...
  Building dependency tree...
  Reading state information...
  Some packages could not be installed. This may mean that you have
  requested an impossible situation or if you are using the unstable
  distribution that some required packages have not yet been created
  or been moved out of Incoming.
  The following information may help to resolve the situation:
  
  The following packages have unmet dependencies:
   mongodb-dev : Depends: libmongoclient-dev but it is not going to be installed
  E: Unable to correct problems, you have held broken packages.


The problem is that the new transitional mongodb-dev depends on
libmongoclient-dev which conflicts with mongodb-dev (this would have
been caught by trying to install the uploaded packages).

Please make the conflict versioned or drop it entirely:
--- a/debian/control
+++ b/debian/control
@@ -27,7 +27,7 @@ Section: libdevel
 Architecture: any
 Multi-Arch: same
 Depends: libmongoclient0 (= ${binary:Version}), ${misc:Depends}
-Conflicts: mongodb-dev
+Conflicts: mongodb-dev (<< 2:1.1.2-1~)
 Description: MongoDB C++ Driver (development)
  This package provides C++ development file to interact with MongoDB.
  This is the legacy C++ driver and currently supports MongoDB 2.4, 2.6,

Please upload a fixed package soon and increase priority to high to speed up
testing migration since we already waited multiple rounds for testing migration.

If you can't upload a fixed package soon, let me know and I can upload an
NMU.

Cheers,
-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#846569: libsnmp-dev: Should depend on "libssl-dev | libssl1.0-dev" if possible

[Raphaël Hertzog]

Package: libsnmp-dev
Version: 5.7.3+dfsg-1.5+b1
Severity: serious
Justification: FTBFS in openvas

Currently openvas is not buildable because it build-depends on libssh-dev
which depends on libssl1.0-dev and libsnmp-dev which depends on
libssl-dev (and both libssl*-dev are not co-installable).

I believe we might be able to fix this by making libsnmp-dev depend on either
version of the -dev package. But this is true only if libsnmp does not reuse
parts of the SSL API in its own API... and I don't know if this is the case.

If that's not the case, then we should stick to libssl1.0-dev until
ssh works with OpenSSL 1.1 and everything can be switch together to version 1.1.


report:
 -
  package: sbuild-build-depends-openvas-libraries-dummy
  version: 0.invalid.0
  architecture: amd64
  status: broken
  reasons:
   -
conflict:
 pkg1:
  package: libssl1.0-dev
  version: 1.0.2j-4
  architecture: amd64
  unsat-conflict: libssl-dev:amd64
 pkg2:
  package: libssl-dev
  version: 1.1.0c-2
  architecture: amd64
 depchain1:
  -
   depchain:
-
 package: sbuild-build-depends-openvas-libraries-dummy
 version: 0.invalid.0
 architecture: amd64
 depends: libssh-dev:amd64 (>= 0.5.0)
-
 package: libssh-dev
 version: 0.7.3-2
 architecture: amd64
 depends: libssl1.0-dev:amd64
 depchain2:
  -
   depchain:
-
 package: sbuild-build-depends-openvas-libraries-dummy
 version: 0.invalid.0
 architecture: amd64
 depends: libsnmp-dev:amd64
-
 package: libsnmp-dev
 version: 5.7.3+dfsg-1.5+b1
 architecture: amd64
 depends: libssl-dev:amd64


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#844303: marked as pending

[Raphaël Hertzog]

tag 844303 pending
thanks

Hello,

Bug #844303 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=pkg-security/ncrack.git;a=commitdiff;h=efb1647

---
commit efb164731990e7e476b5fcb8ccb0191bc768f637
Author: Raphaël Hertzog <hert...@debian.org>
Date:   Tue Nov 29 14:35:30 2016 +0100

Build against libssl1.0-dev. Closes: #844303

diff --git a/debian/changelog b/debian/changelog
index e459e03..3108e84 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+ncrack (0.5-3) unstable; urgency=medium
+
+  * Team upload.
+  * Build against libssl1.0-dev. Closes: #844303
+
+ -- Raphaël Hertzog <hert...@debian.org>  Tue, 29 Nov 2016 14:33:33 +0100
+
 ncrack (0.5-2) unstable; urgency=medium
 
   * Fix FTBS due to missing build-depends on zlib1g-dev (Closes: #835787).

Bug#846200: FTBFS: test_kdb failing: libelektra-resolver.so: cannot open shared object file: No such file or directory

[Raphaël Hertzog]

Source: elektra
Version: 0.8.14-5.1
Severity: serious
Justification: FTBFS on amd64

While #811307 and #844145 are problems related to parallel building with
many cores, this one is the failure I get when building on my machine
(with 4 cores), I believe it's unrelated to parralel building:

ERROR: test_ctor (__main__.KDB)
--
Traceback (most recent call last):
  File "/<>/src/bindings/swig/python/tests/test_kdb.py", line 25, 
in test_ctor
self.assertIsInstance(kdb.KDB(), kdb.KDB)
  File "/<>/obj-x86_64-linux-gnu/src/bindings/swig/python/kdb.py", 
line 1571, in __init__
_kdb.KDB_swiginit(self, _kdb.new_KDB(*args))
kdb.KDBException: 1 Warning was issued:
 Warning number: 1
Description: could not load module, dlopen failed
Ingroup: modules
Module: dl
At: /<>/src/libloader/dl.c:80
Reason: of module: libelektra-resolver.so, because: 
libelektra-resolver.so: cannot open shared object file: No such file or 
directory
Mountpoint: 
Configfile: 
Error (#40) occurred!
Description: Failed to open default backend (see warnings for more information)
Ingroup: kdb
Module: 
At: /<>/src/libelektra/kdb.c:204
Reason: could not open default backend
Mountpoint: 
Configfile: 

And the same error happens for every kdb test:
ERROR: test_get (__main__.KDB)
ERROR: test_set (__main__.KDB)
ERROR: tearDownClass (__main__.KDB)

And also the same error with test_kda.lua:

45/85 Test #45: test_kdb.lua .***Failed0.00 sec
/usr/bin/lua: kdb:1 Warning was issued:
 Warning number: 1
Description: could not load module, dlopen failed
Ingroup: modules
Module: dl
At: /<>/src/libloader/dl.c:80
Reason: of module: libelektra-resolver.so, because: 
libelektra-resolver.so: cannot open shared object file: No such file or 
directory
Mountpoint: 
Configfile: 
Error (#40) occurred!
Description: Failed to open default backend (see warnings for more information)
Ingroup: kdb
Module: 
At: /<>/src/libelektra/kdb.c:204
Reason: could not open default backend
Mountpoint: 
Configfile: 

stack traceback:
[C]: in ?
[C]: in function 'KDB'
.../elektra-0.8.14/src/bindings/swig/lua/tests/test_kdb.lua:20: in main 
chunk
[C]: in ?


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (500, 'oldstable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#845741: xserver-xorg-video-qxl: Fails to build from source with xorg 1.19: implicit declaration of function 'QueryGlyphExtents'

[Raphaël Hertzog]

Package: xserver-xorg-video-qxl
Version: 0.1.4-3+b1
Severity: serious
Tags: upstream

The bin-NMU for Xorg 1.19 failed:
../../../src/uxa/uxa-damage.c: In function 'uxa_damage_chars':
../../../src/uxa/uxa-damage.c:947:5: error: implicit declaration of function 
'QueryGlyphExtents' [-Werror=implicit-function-declaration]
 QueryGlyphExtents(font, charinfo, n, );
 ^

This has been fixed upstream with this commit:
https://cgit.freedesktop.org/xorg/driver/xf86-video-qxl/commit/?id=a184774ad161031cceed264d62d48ebd019ac800

It doesn't apply cleanly due to some intermediary cleanups. A further change 
allowed the usage
of libXfont2:
https://cgit.freedesktop.org/xorg/driver/xf86-video-qxl/commit/?id=e13d28ee5d8724fc4b22f26bce01a7d36355f272

Maybe you just want to release a git snapshot or manually backport those 
patches.

Cheers,

Bug#841503: cryptsetup: initramfs cryptroot hook fails when /etc/cryptsetup-initramfs/conf-hook does not exist yet

[Raphaël Hertzog]

Package: cryptsetup
Version: 2:1.7.2-4
Severity: serious
Justification: upgrade fails

When cryptsetup is upgraded at the same time than the kernel
and when the kernel is configured before cryptsetup, the
kernel fails to configure with this error:

Paramétrage de linux-image-4.7.0-1-amd64 (4.7.6-1) ...
/etc/kernel/postinst.d/initramfs-tools:
update-initramfs: Generating /boot/initrd.img-4.7.0-1-amd64
/usr/share/initramfs-tools/hooks/cryptroot: 663: .: Can't open 
/etc/cryptsetup-initramfs/conf-hook
E: /usr/share/initramfs-tools/hooks/cryptroot failed with return 2.
update-initramfs: failed for /boot/initrd.img-4.7.0-1-amd64 with 2.
run-parts: /etc/kernel/postinst.d/initramfs-tools exited with return code 2

The problem is that /etc/cryptsetup-initramfs/conf-hook is a conffile
and it is thus put into place only during the configuration of the
package and not an unpack time.

You should thus improve /usr/share/initramfs-tools/hooks/cryptroot to
tolerate the lack of /etc/cryptsetup-initramfs/conf-hook.

Thank you!

-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages cryptsetup depends on:
ii  cryptsetup-bin 2:1.7.2-4
ii  debconf [debconf-2.0]  1.5.59
ii  dmsetup2:1.02.133-1
ii  libc6  2.24-3

Versions of packages cryptsetup recommends:
ii  busybox 1:1.22.0-19
ii  console-setup   1.151
ii  initramfs-tools [linux-initramfs-tool]  0.125
ii  kbd 2.0.3-2

Versions of packages cryptsetup suggests:
ii  dosfstools  4.0-2
pn  keyutils
ii  liblocale-gettext-perl  1.07-3+b1

-- debconf information excluded

Bug#775360: marked as pending

[Raphaël Hertzog]

tag 775360 pending
thanks

Hello,

Bug #775360 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=pkg-security/p0f.git;a=commitdiff;h=e4d3f05

---
commit e4d3f0529d4081de527fd6235448c1f0f10ab83f
Author: Raphaël Hertzog <hert...@debian.org>
Date:   Thu Sep 29 14:53:39 2016 +0200

Clean up changelog and control file

diff --git a/debian/changelog b/debian/changelog
index db4daea..8fb44fc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,13 +1,18 @@
 p0f (3.09b-1) UNRELEASED; urgency=medium
 
+  [ Sophie Brun ]
   * Import new upstream release 3.09b (Closes: #831498)
+- Version 3.07 fixed dropped some fatal errors (Closes: #775360)
   * Take over the package in the pkg-security team with the permission of
-Pierre Chifflier and add uploaders
+Pierre Chifflier. Keep him in the Uploaders.
   * Update debian/copyright
   * Update manpage
   * Add a debian/watch
-  * Fix the Lintian Warning: hardening-no-bindnow
-  * Upgrade the installation to use dh (Closes: #777179)
+  * Fix the lintian warning: hardening-no-bindnow
+  * Upgrade the rules file to use dh (Closes: #777179)
+
+  [ Raphaël Hertzog ]
+  * Bump Standards-Version to 3.9.8.
 
  -- Sophie Brun <sop...@freexian.com>  Thu, 21 Jul 2016 11:10:15 +0200
 

Bug#837534: apt-listchanges: postinst runs a Python script out of /tmp/

[Raphaël Hertzog]

Package: apt-listchanges
Version: 3.3
Severity: critical
Tags: security

The postinst script runs a Python script that it creates in /tmp/.

Unfortunately python will add the directory where the script resides
to sys.path and all the imports will be thus resolved in that
directory.

A simple user could create "/tmp/debconf.py" for example and have
his code executed by root the next time that apt-listchanges
is upgraded/configured.

(cf recent discussion in debian-devel, 
https://lists.debian.org/87twdq4cqx@hope.eyrie.org)

You should thus create that temporary file in a root-owned
directory which is specific to apt-listchanges.

You should also review whether that issue needs to be fixed in
stable/oldstable...

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.7.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apt-listchanges depends on:
ii  apt1.3~rc4
ii  debconf [debconf-2.0]  1.5.59
ii  debianutils4.8
ii  python3-apt1.1.0~beta5
pn  python3:any
ii  ucf3.0036

apt-listchanges recommends no packages.

Versions of packages apt-listchanges suggests:
ii  chromium [www-browser]53.0.2785.92-2
ii  eterm [x-terminal-emulator]   0.9.6-4
ii  firefox-esr [www-browser] 45.3.0esr-2
ii  gnome-terminal [x-terminal-emulator]  3.21.90-3
ii  lynx [www-browser]2.8.9dev9-1
ii  postfix [mail-transport-agent]3.1.0-5+b1
ii  python3-gi3.21.91-2
ii  terminator [x-terminal-emulator]  0.98-1
ii  w3m [www-browser] 0.5.3-29
ii  xterm [x-terminal-emulator]   325-1

-- debconf information excluded

Bug#835983: python-pypdf2: Incorrect Breaks/Replaces which forbids co-installation with python-pypdf

[Raphaël Hertzog]

Package: python-pypdf2
Version: 1.26.0-1
Severity: serious
Justification: co-installation
User: de...@kali.org
Usertags: origin-kali

python-pypdf and python-pypdf2 use a differente module name and can thus
be co-installed... except that this is no longer possible because you
added unversioned Breaks/Replaces on python-pypdf2.

The #764090 report that triggered those Breaks/Replaces refers to to an
old version of a binary package that was built by src:pypdf2 but that is
no longer built for quite a long time (cf #762186 that you also fixed two
years ago).

Since python-pypdf added an epoch to work around the hijack you might want
to do this:
Breaks: python-pypdf (<< 1:1.13-2)
Replaces: python-pypdf (<< 1:1.13-2)

In Kali we actually need python-pypdf and python-pypdf2 to be
co-installable.

Thank you in advance.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#828668: marked as pending

[Raphaël Hertzog]

tag 828668 pending
thanks

Hello,

Bug #828668 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-django-jsonfield.git;a=commitdiff;h=7d3008b

---
commit 7d3008b9aa0e3ee3381e08c437393c34fe001df8
Author: Raphaël Hertzog <hert...@debian.org>
Date:   Thu Aug 18 14:25:02 2016 +0200

Add patch for Django 1.10 compatility. Closes: #828668

diff --git a/debian/changelog b/debian/changelog
index 3114c15..3ced85f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+python-django-jsonfield (1.0.1-2) unstable; urgency=medium
+
+  * Add patch for Django 1.10 compatility. Closes: #828668
+
+ -- Raphaël Hertzog <hert...@debian.org>  Thu, 18 Aug 2016 14:21:22 +0200
+
 python-django-jsonfield (1.0.1-1) unstable; urgency=medium
 
   * New upstream release incorporating the latest patch for proper support of

Bug#831737: pbnj: missing dependency on libshell-perl

[Raphaël Hertzog]

Package: pbnj
Version: 2.04-4.1
Severity: serious
User: de...@kali.org
Usertags: origin-kali

Forwarding a bug from Kali: https://bugs.kali.org/view.php?id=3420

root@kali # apt-get install pbnj
( accept dependencies and install )
root@kali # scanpbnj
Can't locate Shell.pm in @INC  blah, blah, blah ...
Begin failed--compilation aborted at /user/bin/scanbnj line 26.

This goes away if you "apt install libshell-perl".

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#828037: fontconfig: font-config should not register .dpkg-tmp files in its cache, users ends up seeing squares instead of expected characters

[Raphaël Hertzog]

Package: fontconfig
Version: 2.11.0-6.4
Severity: serious
User: de...@kali.org
Usertags: origin-kali

For many months now, I have experienced myself and I have received dozens
of reports (on the Kali side) of users having squares instead of the
expected characters in their GNOME setup. The work-around was to run "apt
--reinstall install fonts-cantarell" and I suspected that it was related
to some bad update of the font-config cache, and this has been now
confirmed:
https://www.earth.li/~noodles/blog/2016/06/fixing-firefox-fonts.html 

The above page shows an invocation of "fc-list" returning many entries
for files such as
/usr/share/fonts/opentype/cantarell/Cantarell-Regular.otf.dpkg-tmp
Those files exist only during unpack of a package and they should not
be grabbed.

So please make sure that the fontconfig cache update ignores any
.dpkg-tmp file...

Still I wonder how this is even possible as when the fontconfig trigger
runs, the packages are fully unpacked and those files should have been
already insalled under their final name. Maybe GNOME has some inotify
thing in place to update the cache dynamically? In any case, ignoring
those files at the fontconfig level should fix this issue I believe.

Sample reports on the Kali side:
https://bugs.kali.org/view.php?id=3376
https://bugs.kali.org/view.php?id=3148
https://bugs.kali.org/view.php?id=3293

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.6.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages fontconfig depends on:
ii  dpkg   1.18.7
ii  fontconfig-config  2.11.0-6.4
ii  libc6  2.22-11
ii  libfontconfig1 2.11.0-6.4
ii  libfreetype6   2.6.3-3+b1

fontconfig recommends no packages.

fontconfig suggests no packages.

-- no debconf information

Bug#825923: python-nltk: nltk/tokenize/api.py imports ntlk.six which has been dropped

[Raphaël Hertzog]

Package: python-nltk
Version: 3.2.1-1
Severity: grave
Justification: renders package unusable
User: de...@kali.org
Usertags: origin-kali

I just got a report on Kali that w3af no longer works:
https://bugs.kali.org/view.php?id=3323

The stacktrace ends with this:
  File "/usr/lib/python2.7/dist-packages/nltk/tokenize/api.py", line 14, in

from nltk.six import add_metaclass
ImportError: No module named six

The Debian patch use-six-package.diff is thus incomplete and should be updated
to also correct the import in nltk/tokenize/api.py.

Thank you for a quick fix (with urgency=high please so that it gets fixed in
testing quickly, thank you).

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.5.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#822682: libharfbuzz0b: breaks display of ê/ô/û with fonts-cantarell

[Raphaël Hertzog]

Package: libharfbuzz0b
Version: 1.2.6-2
Severity: serious

With this version of harfbuzz and fonts-cantarell 0.0.21-1 I get
incorrectly formatted accents in labels in GTK-3 apps at least.

A word like "Fenêtres" is badly displayed with the "t" being displayed
on top of the "ê". The "^" accent is a dead-letter so it must be combined
with the next letter when input on the keyboard, but once combined it
should obviously no longer have this attribute...

Example here:
http://pix.toile-libre.org/upload/original/1461678487.png

I don't know if this is a bug in harfbuzz or in fonts-cantarell (as I
don't have the problem with other fonts). In any case, if an update
is needed on fonts-cantarell, it would be nice to add a Breaks on the old
package... that's why I put this at severity serious so that the package
doesn't migrate to testing until this has been sorted out.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#822157: python-future hides and breaks python-configparser

[Raphaël Hertzog]

Source: python-future
Version: 0.15.2-1
Severity: serious
Tags: upstream
User: de...@kali.org
Usertags: origin-kali
Control: forwarded -1 https://github.com/PythonCharmers/python-future/issues/118
Control: affects -1 python-configparser

python-future provides the "configparser" module and so does
the python-configparser package... unfortunately, nobodby caught
this as there is no file conflict (configparser/__init__.py on one side
and configparser.py on other side).

But package depending on python-configparser (and there are 7 of them)
can't use the backported configparser when python-future is installed.

Upstream has not yet dropped the module but I believe we should do it
in Debian and replace it with a dependency on python-configparser. They
are not 100% API compatible but you can't get it both ways and using
the 3.X API is the way forward anyway for anyone who is looking to use
python-future.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#821789: marked as pending

[Raphaël Hertzog]

tag 821789 pending
thanks

Hello,

Bug #821789 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-django.git;a=commitdiff;h=c603f3a

---
commit c603f3a2be35c4699690693dff1e1366d7d7f249
Author: Raphaël Hertzog <hert...@debian.org>
Date:   Wed Apr 20 17:49:33 2016 +0200

Drop the dir_to_symlink transition that was only really needed for upgrades 
between versions 1.9~rc2 and 1.9.4. Closes: #821789

diff --git a/debian/changelog b/debian/changelog
index 16b9117..d94d2e1 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+python-django (1.9.5-2) unstable; urgency=medium
+
+  * Drop the dir_to_symlink transition that was only really needed
+for upgrades between versions 1.9~rc2 and 1.9.4. Closes: #821789
+
+ -- Raphaël Hertzog <hert...@debian.org>  Wed, 20 Apr 2016 17:47:05 +0200
+
 python-django (1.9.5-1) unstable; urgency=medium
 
   * New upstream bugfix release:

Bug#821070: samba-vfs-modules: File overwrite error on libnon-posix-acls.so.0 when upgrading from 4.2.10 in jessie to 4.3.6 in stretch

[Raphaël Hertzog]

Package: samba-vfs-modules
Version: 2:4.3.7+dfsg-1
Severity: serious
User: de...@kali.org
Usertags: origin-kali

In a (Kali) Jenkins job that test upgrades from one release to the next I got
this error:

Preparing to unpack .../samba-vfs-modules_2%3a4.3.6+dfsg-1_i386.deb ...
Unpacking samba-vfs-modules (2:4.3.6+dfsg-1) over (2:4.2.10+dfsg-0+deb8u2) ...
dpkg: error processing archive 
/var/cache/apt/archives/samba-vfs-modules_2%3a4.3.6+dfsg-1_i386.deb (--unpack):
 trying to overwrite '/usr/lib/i386-linux-gnu/samba/libnon-posix-acls.so.0', 
which is also in package samba-libs:i386 2:4.2.10+dfsg-0+deb8u2
dpkg-deb: error: subprocess paste was killed by signal (Broken pipe)

I expect a similar error would appear if you tried to upgrade from jessie
to stretch right now.

It looks like that the version in the Replaces needs to be increased. The
last version still has a bad version:

Package: samba-vfs-modules
Source: samba
Version: 2:4.4.1+dfsg-1
[...]
Replaces: samba-libs (<< 2:4.1.1+dfsg-1)


-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages samba-vfs-modules depends on:
ii  libaio1 0.3.110-2
ii  libattr11:2.4.47-2
ii  libbsd0 0.8.2-1
ii  libc6   2.22-6
ii  libcap2 1:2.24-12
ii  libtalloc2  2.1.6-1
ii  libtdb1 1.3.8-2
ii  libtevent0  0.9.28-1
ii  samba-libs  2:4.3.7+dfsg-1

samba-vfs-modules recommends no packages.

samba-vfs-modules suggests no packages.

-- no debconf information

Bug#819472: dh-make-golang builds not accepted due to invalid Built-Using

[Raphaël Hertzog]

Package: dh-make-golang
Version: 0.0~git20150913.0.1221041-1
Severity: serious
User: de...@kali.org
Usertags: origin-kali

Recent builds of dh-make-golang (such as on arm64 or ppc64el) have been
rejected by DAK because the package generated an invalid Built-Using
field:

Built-Using: golang (= 2:1.5.1-4), golang-blackfriday-dev (= ), 
golang-golang-x-net-dev (= 0.0+git20151007.b846920+dfsg-1), 
golang-golang-x-tools (= 1:0.0~git20151026.0.0f9d71c-2)

The problem is that the package expects to find golang-blackfriday-dev but
this package is gone in unstable... instead you get
golang-github-russross-blackfriday-dev which provides it.

So please fix debian/control to mention
golang-github-russross-blackfriday-dev as first alternative in
Build-Depends (that way dh_golang will pick the correct package).

I can do an NMU if you want.

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (500, 
'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.4.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#814805: pyscard: Dropped python-pyscard without explanation

[Raphaël Hertzog]

Source: pyscard
Version: 1.9.2-1
Severity: serious
User: de...@kali.org
Usertags: origin-kali

This version of pyscard dropped the Python 2 version without any
explanation on why this was needed. In the process, you made
yubioath-desktop uninstallable (as well as another package
which is only available in Kali).

Please restore the Python 2 version of the module.

-- System Information:
Debian Release: stretch/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), 
(500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#810785: ifupdown breaks debootstrap of Debian

[Raphaël Hertzog]

Package: ifupdown
Version: 0.8.5
Severity: critical
Justification: breaks the whole system
User: de...@kali.org

debootstrap of stretch currently fails due to ifupdown:
$ sudo debootstrap --components=main,contrib,non-free stretch stretch 
http://ftp.debian.org/debian
[...]
I: Unpacking libxapian22v5...
W: Failure while installing base packages.  This will be re-attempted up
to five times.
W: See /home/rhertzog/tmp/stretch/debootstrap/debootstrap.log for details
(possibly the package /var/cache/apt/archives/ifupdown_0.8.6_amd64.deb is
at fault)

debootstrap.log contains this:

dpkg: regarding .../ifupdown_0.8.6_amd64.deb containing ifupdown:
 ifupdown breaks systemd (<< 228-3~)
  systemd (version 228-2+b1) is present and triggered.

dpkg: error processing archive /var/cache/apt/archives/ifupdown_0.8.6_amd64.deb 
(--unpack):
 installing ifupdown would break systemd, and
 deconfiguration is not permitted (--auto-deconfigure might help)



The problem is that stretch still has systemd 228-2 and 228-4 is unlikely
to migrate quickly since it just got updated and seems to have a new RC bug.

I'm not sure what's the best way forward... possibly upload something to
testing-proposed-updates to drop that breaks temporarily until the package
migrates (and ensure 0.8.7 does not migrate before systemd).

Or force migrate the new systemd despite the age and the bug...

Ccing release team and systemd maintainers to have their opinion.

-- System Information:
Debian Release: stretch/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), 
(500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.3.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ifupdown depends on:
ii  adduser  3.113+nmu3
ii  init-system-helpers  1.24
ii  iproute2 4.3.0-1
ii  libc62.21-6
ii  lsb-base 9.20150917

Versions of packages ifupdown recommends:
ii  isc-dhcp-client [dhcp-client]  4.3.3-5

Versions of packages ifupdown suggests:
ii  ppp 2.4.7-1+1
pn  rdnssd  

-- no debconf information

Bug#808256: libnsgif: Should libnsgif be removed from Debian?

[Raphaël Hertzog]

Source: libnsgif
Severity: serious

Hello,

libnsgif has not seen a maintainer upload ever since its addition to
Debian in 2009.

Recently two CVE [1] have been reported against this package and I wonder
why we have this package in Debian at all.

[1] https://security-tracker.debian.org/tracker/source-package/libnsgif

There are no reverse dependencies, maybe netsurf used this library at some
point but that seems to no longer be the case.

If you agree with me please clone this bug against ftp.debian.org and
retitle it as "RM: libnsgif -- ROM; unused library package".

In the mean time I file this as severity serious so that the package gets
dropped from testing given its unmaintained state.

Thank you!

-- System Information:
Debian Release: stretch/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), 
(500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#808257: libnsbmp: Should libnsbmp be removed from Debian?

[Raphaël Hertzog]

Source: libnsbmp
Severity: serious

Hello,

libnsbmp has not seen a maintainer upload ever since its addition to
Debian in 2009.

Recently two CVE [1] have been reported against this package and I wonder
why we have this package in Debian at all.

[1] https://security-tracker.debian.org/tracker/source-package/libnsbmp

There are no reverse dependencies, maybe netsurf used this library at some
point but that seems to no longer be the case.

If you agree with me please clone this bug against ftp.debian.org and
retitle it as "RM: libnsbmp -- ROM; unused library package".

In the mean time I file this as severity serious so that the package gets
dropped from testing given its unmaintained state.

Thank you!

-- System Information:
Debian Release: stretch/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), 
(500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#804240: libsane: scanning does not work with HPLIP backend

[Raphaël Hertzog]

Package: libsane
Version: 1.0.25-1
Severity: serious
Control: fixed -1 1.0.25+git20150927-1

With libsane 1.0.25-1 available in sid, I can't scan with my HP printer.

I use this to start the scanning process:
simple-scan hpaio:/net/HP_Color_LaserJet_2840?ip=192.168.1.10

With libsane 1.0.24-14 in testing, it works.
With libsane 1.0.25+git20150927-1 in experimental, it works.

So I'm filing this serious bug to avoid this regression in testing
and to keep a working package around for unstable users that can quickly
downgrade to the testing version.

-- System Information:
Debian Release: stretch/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), 
(500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libsane depends on:
ii  acl2.2.52-2
ii  adduser3.113+nmu3
ii  libavahi-client3   0.6.32~rc+dfsg-1
ii  libavahi-common3   0.6.32~rc+dfsg-1
ii  libc6  2.19-22
ii  libexif12  0.6.21-2
ii  libgphoto2-6   2.5.8-3
ii  libgphoto2-port12  2.5.8-3
ii  libieee1284-3  0.2.11-12
ii  libjpeg62-turbo1:1.4.1-2
ii  libsane-common 1.0.25+git20150927-1
ii  libtiff5   4.0.5-1
ii  libusb-1.0-0   2:1.0.20-1
ii  udev   227-2

Versions of packages libsane recommends:
ii  libsane-extras  1.0.22.3
ii  sane-utils  1.0.25+git20150927-1

Versions of packages libsane suggests:
ii  avahi-daemon  0.6.32~rc+dfsg-1
ii  hplip 3.14.6-1+b3

-- no debconf information

Bug#802671: bouncycastle: ECC private keys can be recovered via invalid curve attack

[Raphaël Hertzog]

Source: bouncycastle
Version: 1.44+dfsg-2
Severity: serious
Tags: security
Control: fixed -1 1.51-1

Hello,

bouncycastle 1.49 in stable/testing/unstable (and 1.44 in wheezy/squeeze)
is vulnerable to an invalid curve attack as described here:
https://web-in-security.blogspot.ca/2015/09/practical-invalid-curve-attacks.html

This is fixed in version 1.51 (in experimental).

The upstream patches that fix this issue should be those ones:
https://github.com/bcgit/bc-java/commit/5cb2f05
https://github.com/bcgit/bc-java/commit/e25e94a

A CVE has been requested here:
http://www.openwall.com/lists/oss-security/2015/10/22/7

-- System Information:
Debian Release: stretch/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), 
(500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#802480: gnome-keyring: iceweasel gets stuck when login into a password-protected website

[Raphaël Hertzog]

Package: gnome-keyring
Version: 3.18.1-1
Severity: grave
Justification: renders package unusable
Control: forwarded -1 https://bugzilla.gnome.org/show_bug.cgi?id=756865

This is the continuation of #800660 (that I failed to re-open). There's
still something fishy in gnome-keyring and I have filed this upstream.

Have a look at https://bugzilla.gnome.org/show_bug.cgi?id=756865 for
details.

-- System Information:
Debian Release: stretch/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), 
(500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-keyring depends on:
ii  dbus-x11 1.10.0-3
ii  dconf-gsettings-backend [gsettings-backend]  0.24.0-2
ii  gcr  3.18.0-1
ii  libc62.19-22
ii  libcap-ng0   0.7.7-1
ii  libcap2-bin  1:2.24-12
ii  libgck-1-0   3.18.0-1
ii  libgcr-base-3-1  3.18.0-1
ii  libgcrypt20  1.6.4-3
ii  libglib2.0-0 2.46.1-1
ii  p11-kit  0.23.1-3
ii  pinentry-gnome3  0.9.6-3

Versions of packages gnome-keyring recommends:
ii  libpam-gnome-keyring  3.18.1-1

gnome-keyring suggests no packages.

-- no debconf information

Bug#800675: marked as pending

[Raphaël Hertzog]

tag 800675 pending
thanks

Hello,

Bug #800675 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/pylint-django.git;a=commitdiff;h=ca5eba0

---
commit ca5eba0c955ca4b86faeabe6291c7af4d9b3a05f
Author: Raphaël Hertzog <hert...@debian.org>
Date:   Sat Oct 10 22:04:34 2015 +0200

Add missing packages to Build-Depends.

diff --git a/debian/changelog b/debian/changelog
index f3d7310..ef86d78 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+pylint-django (0.6-2) UNRELEASED; urgency=medium
+
+  * Team upload.
+  * Add pylint, pylint3, python-pylint-plugin-utils,
+python3-pylint-plugin-utils to Build-Depends for the test
+suite that is now auto-executed with Python 3.5.
+Closes: #800675
+
+ -- Raphaël Hertzog <hert...@debian.org>  Sat, 10 Oct 2015 22:03:49 +0200
+
 pylint-django (0.6-1) unstable; urgency=medium
 
   * Initial release (Closes: #768567)

Bug#800660: gnome-keyring: crashes iceweasel when logging into a password-protected website

[Raphaël Hertzog]

Package: gnome-keyring
Version: 3.18.0-1
Severity: grave
Justification: renders package unusable

Since I upgraded to gnome-keyring 3.18, I'm no longer able to login into
password-protected website with iceweasel. It just gets stuck and I have
to kill it.

In the logs I see this:

oct. 02 10:04:42 x230-buxy gnome-keyring-daemon[2195]: asked to register item 
/org/freedesktop/secrets/collection/login/23, but it's already registered
oct. 02 10:05:06 x230-buxy gnome-session[2199]: ** (gnome-shell:2354): CRITICAL 
**: remove_mnemonics: assertion 'label != NULL' failed
oct. 02 10:05:06 x230-buxy gnome-keyring-daemon[2195]: could not register 
secret unlock prompt on session bus: Un objet est déjà exporté pour l'interface 
« org.freedesktop.Secret.Prompt » en « /org/freedesktop/secrets/prompt/p6 »
oct. 02 10:05:06 x230-buxy gnome-keyring-daemon[2195]: GLib-GIO: 
g_dbus_interface_skeleton_unexport: assertion 'interface_->priv->connections != 
NULL' failed

“Un objet est déjà exporté pour l'interface“ means “An object is already
exported for the interface”.

Note that I am using dbus-user-session 1.10.0-3 in order to make
pinentry-gnome3 work with gpg-agent (which otherwise lacks the variables for
the session dbus).

Note that I also have customized start up scripts:
$ tail -n 1 /home/rhertzog/.config/autostart/gnome-keyring-*.desktop 
==> /home/rhertzog/.config/autostart/gnome-keyring-gpg.desktop <==
X-GNOME-Autostart-enabled=false

==> /home/rhertzog/.config/autostart/gnome-keyring-ssh.desktop <==
X-GNOME-Autostart-enabled=false

I don't know if it's still needed nowadays but in the past, it
used to take over the place of gpg-agent which handles both GPG
and SSH keys for me.

-- System Information:
Debian Release: stretch/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), 
(500, 'testing'), (500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.2.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages gnome-keyring depends on:
ii  dbus-x11 1.10.0-3
ii  dconf-gsettings-backend [gsettings-backend]  0.24.0-2
ii  gcr  3.16.0-1
ii  libc62.19-22
ii  libcap-ng0   0.7.7-1
ii  libcap2-bin  1:2.24-11
ii  libgck-1-0   3.16.0-1
ii  libgcr-base-3-1  3.16.0-1
ii  libgcrypt20  1.6.3-2
ii  libglib2.0-0 2.46.0-2
ii  p11-kit  0.23.1-3
ii  pinentry-gnome3  0.9.5-4.1

Versions of packages gnome-keyring recommends:
ii  libpam-gnome-keyring  3.18.0-1

gnome-keyring suggests no packages.

-- no debconf information

Bug#799550: libuhd003v5 lost its v5 suffix...

[Raphaël Hertzog]

Package: libuhd003
Version: 3.9.0-1
Severity: serious
User: de...@kali.org
Usertags: origin-kali

I just noticed that with uhd 3.9.0 libuhd003 lost the v5 suffix that had
been introduced with 3.8.5-2.1.

And the changelog has no explanation for this. So to avoid problems
when upgrading from jessie to stretch, this should be fixed again...

Thank you!

-- System Information:
Debian Release: stretch/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 
'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.1.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Bug#796892: ftp.debian.org: Broken Sources.bz2 file for at least 3 repositories

[Raphaël Hertzog]

Package: ftp.debian.org
Severity: grave

tracker.debian.org has been failing to import new source packages for
4 days. I have such failures during apt-get update:
[...]
FetchFailedException: W:Failed to fetch 
file:/srv/mirrors/debian/dists/jessie-backports/main/source/Sources  Hash Sum 
mismatch
, W:Failed to fetch 
file:/srv/mirrors/debian/dists/jessie-backports/non-free/source/Sources  Hash 
Sum mismatch
, W:Failed to fetch 
file:/srv/mirrors/debian/dists/proposed-updates/main/source/Sources  Hash Sum 
mismatch
, E:Some index files failed to download. They have been ignored, or old ones 
used instead.

Double checking everything with the corresponding Release file I noticed
this:

The size/checksums of the  uncompressed Sources entry does not
match the file that you get when you uncompress the .bz2 file.

When you uncompress the .xz file then you have the expected content
and it matches the data of the uncompressed entry in Release.

In both cases, the size/checksum of the .bz2 and .xz file matches
the data from the Release file.

hertzog@ticharich:/srv/tracker.debian.org/distro-tracker$ bzip2 -dc 
/srv/mirrors/debian/dists/proposed-updates/main/source/Sources.bz2 /tmp/Sources
hertzog@ticharich:/srv/tracker.debian.org/distro-tracker$ md5sum /tmp/Sources 
a1d3ad43e13bf3bd1ffc9a25b572c17a  /tmp/Sources
hertzog@ticharich:/srv/tracker.debian.org/distro-tracker$ grep 
main/source/Sources$ /srv/mirrors/debian/dists/proposed-updates/Release
 653093668be2c8f6cb884a553c7ab7bf   430108 main/source/Sources
 39e40dd8616c7819bbb20486015766d440832afc   430108 main/source/Sources
 033f74594208451e9fdb9083608b5fe43d00444e8ee4aaf2e04b1332b6b6002d 430108 
main/source/Sources
hertzog@ticharich:/srv/tracker.debian.org/distro-tracker$ ls -l /tmp/Sources 
-rw-r--r-- 1 hertzog Debian 418824 août  25 13:23 /tmp/Sources

hertzog@ticharich:/srv/tracker.debian.org/distro-tracker$ xz -dc 
/srv/mirrors/debian/dists/proposed-updates/main/source/Sources.xz /tmp/Sources 
hertzog@ticharich:/srv/tracker.debian.org/distro-tracker$ ls -l /tmp/Sources
-rw-r--r-- 1 hertzog Debian 430108 août  25 13:40 /tmp/Sources
hertzog@ticharich:/srv/tracker.debian.org/distro-tracker$ md5sum /tmp/Sources
653093668be2c8f6cb884a553c7ab7bf  /tmp/Sources


So it looks like the Sources.bz2 is stale for a few repositories...

Bug#791588: texinfo: package installation fails with update-fmtutil: cannot read /etc/texmf/fmt.d/00tex.cnf

[Raphaël Hertzog]

Package: texinfo
Version: 6.0.0.dfsg.1-2
Severity: serious
User: de...@kali.org
Usertags: origin-kali

The problem is that texinfo's postinst can fail this way:

Setting up texinfo (6.0.0.dfsg.1-2) ...
update-fmtutil: cannot read /etc/texmf/fmt.d/00tex.cnf
update-fmtutil: if it was removed by accident, it has to be reinstalled with
update-fmtutil:   t=$(mktemp -d); cd $t; apt-get download tex-common ; dpkg -i 
--force-confmiss tex-common*.deb
dpkg: error processing package texinfo (--configure):
 subprocess installed post-installation script returned error exit status 1

This happens when tex-common is installed in the same apt-get invocation
but when it's configured only after texinfo. As soon as tex-common is 
unpacked,
update-fmtutil is available but /etc/texmf/fmt.d/00tex.cnf is only available
once tex-common has been configured.

The postinst of texinfo mentions that this problem is known but for some reason
the relevant check has been disabled. It should be reinstated:

# update-fmtutil checks for /etc/texmf/fmt.d/00tex.cnf which
# may not be present, also the update-fmtutil is already
# present (config files are installed at config time!)
# So we have to check for the existence of this file
# before we can call update-fmtutil
#if [ -r /etc/texmf/fmt.d/00tex.cnf ] ; then
if which update-fmtutil  /dev/null ; then update-fmtutil --quiet ; 
fi
#fi

I had this failure when building a large live image for Kali but I managed
to recreate it in a plain stretch chroot with a simple apt-get install texinfo
tex-common. See the full log below:

(stretch-amd64-sbuild)root@x230-buxy:~# apt-get install texinfo tex-common
Reading package lists... Done
Building dependency tree   
Reading state information... Done
The following extra packages will be installed:
  ca-certificates ifupdown iproute2 isc-dhcp-client isc-dhcp-common libatm1 
libauthen-sasl-perl
  libdns-export100 libencode-locale-perl libexpat1 libfile-listing-perl 
libfont-afm-perl
  libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl 
libhtml-tree-perl
  libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl 
libhttp-message-perl
  libhttp-negotiate-perl libintl-perl libio-html-perl libio-socket-ssl-perl 
libirs-export91
  libisc-export95 libisccfg-export90 liblwp-mediatypes-perl 
liblwp-protocol-https-perl
  libmailtools-perl libnet-http-perl libnet-smtp-ssl-perl libnet-ssleay-perl 
libssl1.0.0
  libtext-unidecode-perl liburi-perl libwww-perl libwww-robotrules-perl 
libxml-libxml-perl
  libxml-namespacesupport-perl libxml-parser-perl libxml-sax-base-perl 
libxml-sax-expat-perl
  libxml-sax-perl libxml2 libxtables10 netbase openssl sgml-base ucf xml-core
Suggested packages:
  ppp rdnssd iproute2-doc resolvconf avahi-autoipd libdigest-hmac-perl 
libgssapi-perl libdata-dump-perl
  libintl-xs-perl libcrypt-ssleay-perl libauthen-ntlm-perl sgml-base-doc 
debhelper texlive-base
  texlive-latex-base texlive-generic-recommended texinfo-doc-nonfree
The following NEW packages will be installed:
  ca-certificates ifupdown iproute2 isc-dhcp-client isc-dhcp-common libatm1 
libauthen-sasl-perl
  libdns-export100 libencode-locale-perl libexpat1 libfile-listing-perl 
libfont-afm-perl
  libhtml-form-perl libhtml-format-perl libhtml-parser-perl libhtml-tagset-perl 
libhtml-tree-perl
  libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl 
libhttp-message-perl
  libhttp-negotiate-perl libintl-perl libio-html-perl libio-socket-ssl-perl 
libirs-export91
  libisc-export95 libisccfg-export90 liblwp-mediatypes-perl 
liblwp-protocol-https-perl
  libmailtools-perl libnet-http-perl libnet-smtp-ssl-perl libnet-ssleay-perl 
libssl1.0.0
  libtext-unidecode-perl liburi-perl libwww-perl libwww-robotrules-perl 
libxml-libxml-perl
  libxml-namespacesupport-perl libxml-parser-perl libxml-sax-base-perl 
libxml-sax-expat-perl
  libxml-sax-perl libxml2 libxtables10 netbase openssl sgml-base tex-common 
texinfo ucf xml-core
0 upgraded, 54 newly installed, 0 to remove and 5 not upgraded.
Need to get 10.2 MB of archives.
After this operation, 30.5 MB of additional disk space will be used.
Do you want to continue? [Y/n] 
Get:1 http://192.168.1.4/debian/ stretch/main libxml2 amd64 2.9.1+dfsg1-5 [800 
kB]
Get:2 http://192.168.1.4/debian/ stretch/main libatm1 amd64 1:2.5.1-1.5 [73.3 
kB]
Get:3 http://192.168.1.4/debian/ stretch/main libisc-export95 amd64 
1:9.9.5.dfsg-9 [140 kB]
Get:4 http://192.168.1.4/debian/ stretch/main libdns-export100 amd64 
1:9.9.5.dfsg-9 [455 kB]
Get:5 http://192.168.1.4/debian/ stretch/main libexpat1 amd64 2.1.0-6+b3 [80.3 
kB]
Get:6 http://192.168.1.4/debian/ stretch/main libisccfg-export90 amd64 
1:9.9.5.dfsg-9 [39.9 kB]
Get:7 http://192.168.1.4/debian/ stretch/main libirs-export91 amd64 
1:9.9.5.dfsg-9 [37.6 kB]
Get:8 http://192.168.1.4/debian/ stretch/main sgml-base all 1.26+nmu4 [14.6 kB]
Get:9 http://192.168.1.4/debian/ stretch/main iproute2 amd64 4.0.0-1 [449 

Bug#791591: pinba-engine-mysql-5.5: package is uninstallable, unsatisfiable dep on mysql-server-core-5.5 ( 5.5.43)

[Raphaël Hertzog]

Package: pinba-engine-mysql-5.5
Version: 1.0.0-4
Severity: grave
Justification: renders package unusable
User: de...@kali.org
Usertags: origin-kali

The package is not installable in stretch or sid:

(stretch-amd64-sbuild)root@x230-buxy:/root# apt-get install 
pinba-engine-mysql-5.5
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 pinba-engine-mysql-5.5 : Depends: mysql-server-core-5.5 ( 5.5.43) but 
5.5.43-0+deb8u1 is to be installed
  Recommends: mysql-client-5.5 but it is not going to 
be installed
E: Unable to correct problems, you have held broken packages.

-- System Information:
Debian Release: stretch/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'oldoldstable'), (500, 'unstable'), 
(500, 'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.0.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#781155: openbsd-inetd: openbsd-inetd.service should be the main service file

[Raphaël Hertzog]

Package: openbsd-inetd
Version: 0.20140418-2
Severity: serious
User: de...@kali.org
Usertags: origin-kali

systemd doesn't seem to handle having two service files for the same
service very well.

For example, systemctl disable openbsd-inetd does not work since
inetd.service is the unit enabled by default:

$ ls -al /etc/systemd/system/multi-user.target.wants/inetd.service
lrwxrwxrwx 1 root root 33 mars  25 11:08 
/etc/systemd/system/multi-user.target.wants/inetd.service - 
/lib/systemd/system/inetd.service
$ sudo systemctl status openbsd-inetd
● inetd.service - Internet superserver
   Loaded: loaded (/lib/systemd/system/inetd.service; enabled)
   Active: active (running) since sam. 2015-03-21 16:27:25 CET; 3 days ago
 Docs: man:inetd(8)
 Main PID: 728 (inetd)
   CGroup: /system.slice/inetd.service
   └─728 /usr/sbin/inetd -i
$ sudo systemctl disable openbsd-inetd
Synchronizing state for openbsd-inetd.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d openbsd-inetd defaults
insserv: warning: current start runlevel(s) (empty) of script `openbsd-inetd' 
overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script 
`openbsd-inetd' overrides LSB defaults (0 1 6).
Executing /usr/sbin/update-rc.d openbsd-inetd disable
insserv: warning: current start runlevel(s) (empty) of script `openbsd-inetd' 
overrides LSB defaults (2 3 4 5).
insserv: warning: current stop runlevel(s) (0 1 2 3 4 5 6) of script 
`openbsd-inetd' overrides LSB defaults (0 1 6).
$ sudo systemctl status openbsd-inetd
● inetd.service - Internet superserver
   Loaded: loaded (/lib/systemd/system/inetd.service; enabled)
   Active: active (running) since sam. 2015-03-21 16:27:25 CET; 3 days ago
 Docs: man:inetd(8)
 Main PID: 728 (inetd)
   CGroup: /system.slice/inetd.service
   └─728 /usr/sbin/inetd -i

I believe that the the main service file should be openbsd-inetd.service and
that you should not ship any symlink. Instead you should add 
Alias=inetd.service
to the openbsd-inetd.service file (in section [Install]).

That's the only setup that seems to work reasonably well. I tried having 
inetd.service
only with Alias=openbsd-inetd.service but that is not enough to disable the 
creation
of the openbsd-inetd SysV compat service file
(/run/systemd/generator.late/openbsd-inetd.service).

But even with this setup, you can't use systemctl enable|disable inetd since
that would not touch the openbsd-inetd.symlinks...

I have put serious severity because the above behaviour means that administrator
can't rely on update-rc.d disable doing the right thing (even if update-rc.d
is fixed, cf #746580) and that we should really fix this for jessie IMO.

-- System Information:
Debian Release: 8.0
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages openbsd-inetd depends on:
ii  init-system-helpers  1.22
ii  libbsd0  0.7.0-2
ii  libc62.19-16
ii  libwrap0 7.6.q-25
ii  lsb-base 4.1+Debian13+nmu1
ii  tcpd 7.6.q-25
ii  update-inetd 4.43

openbsd-inetd recommends no packages.

openbsd-inetd suggests no packages.

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#777532: python-django: FTBFS in test deprecation.tests.DeprecatedChineseLanguageCodes.test_deprecation_warning

[Raphaël Hertzog]

Package: python-django
Version: 1.7.1-1.1
Severity: serious
Justification: FTBFS

The build fails when running the test suite in Python 3:

==
FAIL: test_deprecation_warning 
(deprecation.tests.DeprecatedChineseLanguageCodes)
--
Traceback (most recent call last):
  File /«PKGBUILDDIR»/tests/deprecation/tests.py, line 206, in 
test_deprecation_warning
The use of the language code 'zh-tw' is deprecated. 
AssertionError: Lists differ: [The[93 chars]., unclosed file _io.FileIO 
name='/build/py[185 chars]ad.] != [The[93 chars]., The use of the language 
code 'zh-tw' is d[53 chars]ad.]

First differing element 1:
unclosed file _io.FileIO 
name='/«PKGBUILDDIR»/tests/view_tests/media/long-line.txt' mode='rb'
The use of the language code 'zh-tw' is deprecated. Please use the 'zh-hant' 
translation instead.

First list contains 1 additional elements.
First extra element 2:
The use of the language code 'zh-tw' is deprecated. Please use the 'zh-hant' 
translation instead.

  [The use of the language code 'zh-cn' is deprecated. Please use the 
   'zh-hans' translation instead.,
-  'unclosed file _io.FileIO '
-  name='/«PKGBUILDDIR»/tests/view_tests/media/long-line.txt' 
-  mode='rb',
   The use of the language code 'zh-tw' is deprecated. Please use the 
   'zh-hant' translation instead.]

--
Ran 7275 tests in 231.349s

FAILED (failures=1, skipped=530, expected failures=7)
  Applying sessions.0001_initial... OK
Destroying test database for alias 'default' (':memory:')...
Destroying test database for alias 'other' (':memory:')...
make[1]: *** [override_dh_auto_test] Error 1
debian/rules:30: recipe for target 'override_dh_auto_test' failed
make[1]: Leaving directory '/«PKGBUILDDIR»'
make: *** [build] Error 2


This is https://code.djangoproject.com/ticket/24193 fixed in Django 1.7.4.


-- System Information:
Debian Release: 8.0
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages python-django depends on:
ii  python-django-common  1.7.4-1~exp1
pn  python:anynone

Versions of packages python-django recommends:
ii  libjs-jquery 1.7.2+dfsg-3.2
ii  python-sqlparse  0.1.13-2
ii  python-tz2012c+dfsg-0.1

Versions of packages python-django suggests:
pn  bpythonnone
pn  geoip-database-extra | geoip-database-contrib  none
ii  gettext0.19.3-2
pn  ipythonnone
pn  libgdal1   none
ii  python-bcrypt  0.4-2+b1
ii  python-django-doc  1.7.4-1~exp1
pn  python-flupnone
pn  python-memcachenone
pn  python-mysqldb none
ii  python-pil 2.6.1-1+b1
ii  python-psycopg22.5.4+dfsg-1
pn  python-sqlite  none
ii  python-yaml3.11-2

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#775375: marked as pending

[Raphaël Hertzog]

tag 775375 pending
thanks

Hello,

Bug #775375 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-django.git;a=commitdiff;h=3f5c481

---
commit 3f5c481b72dac398ca22b6d44a0479f199f961c4
Merge: d87b702 b89ad8c
Author: Raphaël Hertzog hert...@debian.org
Date:   Wed Jan 28 21:48:59 2015 +0100

Merge remote-tracking branch 'origin/debian/wheezy-lfaraone' into 
debian/wheezy

Integrate the 1.4.5-1+deb7u8 upload of Luke Faraone that somehow got lost
in this branch.

Conflicts:
debian/changelog
debian/patches/series

diff --cc debian/changelog
index 2c59f9d,38a8623..ab3f283
--- a/debian/changelog
+++ b/debian/changelog
@@@ -1,16 -1,13 +1,27 @@@
- python-django (1.4.5-1+deb7u8) stable-security; urgency=medium
++python-django (1.4.5-1+deb7u9) wheezy-security; urgency=high
 +
 +  * New upstream security release:
 +https://www.djangoproject.com/weblog/2015/jan/13/security/
 +- WSGI header spoofing via underscore/dash conflation (CVE-2015-0219)
 +- Possible XSS attack via user-supplied redirect URLs (CVE-2015-0220)
 +- Denial-of-service attack against django.views.static.serve
 +  (CVE-2015-0221)
++Closes: #775375
 +  * Also include a fix for a regression introduced by the patch for
 +CVE-2015-0221: https://code.djangoproject.com/ticket/24158
 +
 + -- Raphaël Hertzog hert...@debian.org  Wed, 28 Jan 2015 10:24:59 +0100
 +
+ python-django (1.4.5-1+deb7u8) wheezy-security; urgency=high
+ 
+   * New upstream security release.
 -- reverse() can generate URLs pointing to other hosts (CVE-2014-0480) 

 
 -- file upload denial of service (CVE-2014-0481)   

 
 -- RemoteUserMiddleware session hijacking (CVE-2014-0482)  

 
++- reverse() can generate URLs pointing to other hosts (CVE-2014-0480)
++- file upload denial of service (CVE-2014-0481)
++- RemoteUserMiddleware session hijacking (CVE-2014-0482)
+ - data leakage via querystring manipulation in admin (CVE-2014-0483)   
+ 
+  -- Luke Faraone lfara...@debian.org  Wed, 20 Aug 2014 01:46:17 -0700
+ 
  python-django (1.4.5-1+deb7u7) stable-security; urgency=high
  
* New upstream security release.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#775375: marked as pending

[Raphaël Hertzog]

tag 775375 pending
thanks

Hello,

Bug #775375 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-django.git;a=commitdiff;h=85cbbdc

---
commit 85cbbdc59c22ededb69ccf8e6a8254d0af9f9451
Author: Raphaël Hertzog hert...@debian.org
Date:   Wed Jan 21 10:38:25 2015 +0100

Prepare release to experimental

Keep 1.7.3-1 for the unstable upload in case the release team acks
it, so use 1.7.3-1~exp1 for now.

diff --git a/debian/changelog b/debian/changelog
index cb21a26..5a17859 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,12 +1,14 @@
-python-django (1.7.3-1) UNRELEASED; urgency=high
+python-django (1.7.3-1~exp1) experimental; urgency=high
 
+  [ Luke Faraone ]
   * New upstream security release.
 - WSGI header spoofing via underscore/dash conflation (CVE-2015-0219)
 - Possible XSS attack via user-supplied redirect URLs (CVE-2015-0220)
 - DoS attack against django.views.static.serve (CVE-2015-0221)
 - Database DoS with ModelMultipleChoiceField (CVE-2015-0222)
+Closes: #775375
 
- -- Luke Faraone lfara...@debian.org  Thu, 15 Jan 2015 21:42:11 -0800
+ -- Raphaël Hertzog hert...@debian.org  Wed, 21 Jan 2015 09:56:19 +0100
 
 python-django (1.7.2-1) experimental; urgency=medium
 


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#765117: marked as pending

[Raphaël Hertzog]

tag 765117 pending
thanks

Hello,

Bug #765117 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:


http://git.debian.org/?p=python-modules/packages/python-django.git;a=commitdiff;h=c3a87ac

---
commit c3a87ac9fe2c27ea55285eb29477bb66c3dd7969
Author: Raphaël Hertzog hert...@debian.org
Date:   Wed Oct 15 10:35:12 2014 +0200

Add 01_fix_test_loaddata_not_existant_fixture_file.patch to fix FTBFS with 
Python 3.4.2. Closes: #765117

diff --git a/debian/changelog b/debian/changelog
index e947ba4..5fcef00 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+python-django (1.7-3) UNRELEASED; urgency=medium
+
+  * Add 01_fix_test_loaddata_not_existant_fixture_file.patch
+to fix FTBFS with Python 3.4.2. Closes: #765117
+
+ -- Raphaël Hertzog hert...@debian.org  Wed, 15 Oct 2014 10:29:27 +0200
+
 python-django (1.7-2) unstable; urgency=medium
 
   * Release to unstable.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#762780: argyll-refV File conflict without Replaces field with argyll 1.5.1-8

[Raphaël Hertzog]

Package: argyll-ref
Version: 1.6.3-1
Severity: serious
Justification: file conflict

The problem is the usual dpkg file overwrite error (sorry the message is in 
French):

Dépaquetage de argyll-ref (1.6.3-1) ...
dpkg: erreur de traitement de l'archive 
/var/cache/apt/archives/argyll-ref_1.6.3-1_all.deb (--unpack) :
 tentative de remplacement de « /usr/share/color/argyll/ref/D50_2.0.sp », qui 
appartient aussi au paquet argyll 1.5.1-8

You need to add a Replaces: argyll ( 1.6.3-1) in argyll-ref if that package
takes over files that used to be owned by argyll.

Cheers,
-- System Information:
Debian Release: jessie/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#762462: glassfish: Current version no longer supported upstream

[Raphaël Hertzog]

Source: glassfish
Version: 1:2.1.1-b31g+dfsg1-1
Severity: serious
Tags: security

Hello,

while looking up open security issues in glassfish I noticed that the
current version is no longer supported upstream (according to
http://www.oracle.com/us/support/library/lifetime-support-middleware-069163.pdf).

You already have open security issues that nobody knows how to fix so
it's clearly not acceptable to release this version in jessie:
https://security-tracker.debian.org/tracker/source-package/glassfish

Please consider packaging version 4.x which seems to be mentionned
on the upstream homepage:
https://glassfish.java.net/download.html

Regards,

-- System Information:
Debian Release: jessie/sid
  APT prefers squeeze-lts
  APT policy: (500, 'squeeze-lts'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (500, 'oldstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.14-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#751109: marked as pending

[Raphaël Hertzog]

tag 751109 pending
thanks

Hello,

Bug #751109 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=collab-maint/quilt.git;a=commitdiff;h=0a14d91

---
commit 0a14d913cbd6d69781c1c6690071ac4e79742e47
Author: Raphaël Hertzog hert...@debian.org
Date:   Tue Jun 17 09:03:06 2014 +0200

Disable debian/patches/test-completion to avoid a test failure during build

Closes: #751109
Reported-by: Michael Tautschnig m...@debian.org

diff --git a/debian/changelog b/debian/changelog
index 2c660d3..f8fdfc4 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+quilt (0.63-3) unstable; urgency=medium
+
+  * Disable debian/patches/test-completion to avoid a test failure during
+build. Closes: #751109
+
+ -- Raphaël Hertzog hert...@debian.org  Tue, 17 Jun 2014 09:01:58 +0200
+
 quilt (0.63-2) unstable; urgency=medium
 
   * d/p/test-completion: new patch to test the bash completion scripts


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#709164: tex-common: updmap-sys fails with “Cannot find TEXMFROOT, aborting!” and package doesn't configure

[Raphaël Hertzog]

Package: tex-common
Version: 4.03
Severity: grave
Justification: renders package unusable

$ sudo dpkg --configure -a
Setting up tex-common (4.03) ...
Running mktexlsr. This may take some time... done.
Running updmap-sys. This may take some time... 
updmap-sys failed. Output has been stored in
/tmp/updmap.iagKwjQc
Please include this file if you report a bug.

Sometimes, not accepting conffile updates in /etc/texmf/updmap.d
causes updmap-sys to fail.  Please check for files with extension
.dpkg-dist or .ucf-dist in this directory

dpkg: error processing tex-common (--configure):
 subprocess installed post-installation script returned error exit status 1
dpkg: dependency problems prevent configuration of luatex:
 luatex depends on tex-common (= 4.03); however:
  Package tex-common is not configured yet.

dpkg: error processing luatex (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 tex-common
 luatex
$ sudo cat /tmp/updmap.iagKwjQc
updmap: Cannot find TEXMFROOT, aborting!
$ ls -al /etc/texmf/updmap.d
ls: cannot access /etc/texmf/updmap.d: No such file or directory
$ dpkg -S /etc/texmf/updmap.d
dpkg-query: no path found matching pattern /etc/texmf/updmap.d

This is after today's dist-upgrade in Debian Unstable.

-- System Information:
Debian Release: jessie/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.8-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages tex-common depends on:
ii  debconf [debconf-2.0]  1.5.50
ii  dpkg   1.17.0+0~1367982640.169~1.gbp57b46c
ii  ucf3.0027

tex-common recommends no packages.

Versions of packages tex-common suggests:
ii  debhelper  9.20130518

Versions of packages texlive-base depends on:
ii  debconf [debconf-2.0]  1.5.50
ii  dpkg   1.17.0+0~1367982640.169~1.gbp57b46c
ii  install-info   5.1.dfsg.1-3
ii  libpaper-utils 1.1.24+nmu2
iu  luatex 0.76.0-2
ii  texlive-binaries   2012.20120628-4
ii  texlive-common 2012.20120611-5
ii  texlive-doc-base   2012.20120611-1
ii  ucf3.0027
ii  xdg-utils  1.1.0~rc1+git20111210-7

Versions of packages texlive-base recommends:
ii  lmodern  2.004.4-3

Versions of packages texlive-base suggests:
ii  acroread [pdf-viewer]9.5.1-dmo7
ii  evince [postscript-viewer]   3.4.0-3.1
ii  ghostscript [postscript-viewer]  9.05~dfsg-6.3
ii  perl-tk  1:804.030-1

Versions of packages texlive-binaries depends on:
ii  dpkg1.17.0+0~1367982640.169~1.gbp57b46c
ii  ed  1.8-1
ii  install-info5.1.dfsg.1-3
ii  libc6   2.17-3
ii  libfontconfig1  2.9.0-7.1
ii  libfreetype62.4.9-1.1
ii  libgcc1 1:4.8.0-7
ii  libgraphite31:2.3.1-0.2
ii  libgs9  9.05~dfsg-6.3
ii  libkpathsea62013.20130516.30500-1
ii  libpng12-0  1.2.49-4
ii  libpoppler190.18.4-6
ii  libptexenc1 2013.20130516.30500-1
ii  libstdc++6  4.8.0-7
ii  libx11-62:1.5.0-1
ii  libxaw7 2:1.0.10-2
ii  libxmu6 2:1.1.1-1
ii  libxpm4 1:3.5.10-1
ii  libxt6  1:1.1.3-1
ii  perl5.14.2-21
ii  texlive-common  2012.20120611-5
ii  zlib1g  1:1.2.8.dfsg-1

Versions of packages texlive-binaries recommends:
iu  luatex  0.76.0-2
ii  python  2.7.3-5
ii  ruby1:1.9.3
ii  ruby1.8 [ruby]  1.8.7.358-7
ii  texlive-base2012.20120611-5
ii  tk8.5 [wish]8.5.11-2
ii  tk8.6 [wish]8.6.0-1

-- debconf information:
  texlive-base/texconfig_ignorant:
  tex-common/check_texmf_wrong:
  texlive-base/binary_chooser: pdftex, dvips, dvipdfmx, xdvi
  tex-common/check_texmf_missing:


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#698916: marked as pending

[Raphaël Hertzog]

tag 698916 pending
thanks

Hello,

Bug #698916 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=collab-maint/wordpress.git;a=commitdiff;h=b632282

---
commit b6322823227e51fc2dbdbe509ba1777db565cbd4
Author: Raphaël Hertzog hert...@debian.org
Date:   Mon Jan 28 17:35:57 2013 +0100

Changelog for new upstream release

diff --git a/debian/changelog b/debian/changelog
index 1326331..837e51b 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+wordpress (3.5.1+dfsg-1) unstable; urgency=low
+
+  * New upstream maintenance and security release. Closes: #698916
+
+ -- Raphaël Hertzog hert...@debian.org  Mon, 28 Jan 2013 17:15:27 +0100
+
 wordpress (3.5+dfsg-1) unstable; urgency=low
 
   * New upstream release.


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#697747: salt-common: package is lacking salt/modules/debian_service.py

[Raphaël Hertzog]

Package: salt-common
Version: 0.11.1-1
Severity: grave
Justification: renders package unusable

The modules salt/modules/debian_service.py which is used to manage
services on Debian hosts has disappeared in this 0.11.1-1 version... this
is annoying as it breaks service management by salt.

I get this in particular:
An exception occured in this state: Traceback (most recent call last):
  File /usr/lib/python2.7/dist-packages/salt/state.py, line 1206, in call
*cdata['args'], **cdata['kwargs'])
  File /usr/lib/python2.7/dist-packages/salt/states/service.py, line 222, in 
running
if __salt__['service.status'](name, sig):
KeyError: 'service.status'


The file is still there upstream:
https://github.com/saltstack/salt/blob/develop/salt/modules/debian_service.py

It's also present in the .tar.gz at
http://pypi.python.org/packages/source/s/salt/salt-0.11.1.tar.gz

So it must be a bug in the Debian packaging...

The file is missing in salt_0.11.1.orig.tar.gz uploaded to Debian. Any reason
why you're not using the pristine upstream tarball that can be downloaded with
uscan?

-- System Information:
Debian Release: 7.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.6-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#688355: network-manager: NM breaks /etc/network/interfaces with DHCP + manual IPv6 entries created by wheezy's debian-installer

[Raphaël Hertzog]

Package: network-manager
Version: 0.9.4.0-6
Severity: grave

I just installed a new laptop using wheezy's d-i. I do have IPv6 on the
network and as a result d-i did output supplementary entries in
/etc/network/interfaces.

However NetworkManager garbled them and the result is a file that
ifup doesn't parse. The net result is that the loopback interface
is not configured... and random things that don't work with hard to
debug failures.

$ cat /etc/network/interfaces
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

# The loopback network interface
auto lo
iface lo inet loopback

# The primary network interface
allow-hotplug eth0
#NetworkManager#iface eth0 inet dhcp
# This is an autoconfigured IPv6 interface
#NetworkManager#iface eth0 inet6 manual
up ip link set eth0 up
down ip link set eth0 down

Either NM needs to learn those new entries or we need to find a
definitive solution...

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.5-trunk-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages network-manager depends on:
ii  adduser3.113+nmu3
ii  dbus   1.6.2-2
ii  dpkg   1.16.8
ii  isc-dhcp-client4.2.4-2
ii  libc6  2.13-35
ii  libdbus-1-31.6.2-2
ii  libdbus-glib-1-2   0.100-1
ii  libgcrypt111.5.0-3
ii  libglib2.0-0   2.33.12+really2.32.3-2
ii  libgnutls262.12.20-1
ii  libgudev-1.0-0 175-7
ii  libnl-3-2003.2.7-4
ii  libnl-genl-3-200   3.2.7-4
ii  libnl-route-3-200  3.2.7-4
ii  libnm-glib40.9.4.0-6
ii  libnm-util20.9.4.0-6
ii  libpolkit-gobject-1-0  0.105-1
ii  libuuid1   2.20.1-5.2
ii  lsb-base   4.1+Debian7
ii  udev   175-7
ii  wpasupplicant  1.0-2

Versions of packages network-manager recommends:
ii  crda  1.1.2-1
ii  dnsmasq-base  2.63-3
ii  iptables  1.4.14-3
ii  modemmanager  0.5.2.0-2
ii  policykit-1   0.105-1
ii  ppp   2.4.5-5.1+b1

Versions of packages network-manager suggests:
ii  avahi-autoipd  0.6.31-1

-- no debconf information


-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#679959: marked as pending

[Raphaël Hertzog]

tag 679959 pending
thanks

Hello,

Bug #679959 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=dpkg/dpkg.git;a=commitdiff;h=c140193

---
commit c140193701a69b95d974f5ec128a7cea323b5da7
Author: Raphaël Hertzog hert...@debian.org
Date:   Mon Jul 2 21:13:41 2012 +0200

dpkg-gencontrol: fix handling of old-style bin-nmus

With old style bin-nmus, the source version is extrapolated from the
binary version and thus we need to retrieve the correct source version
from Dpkg::Substvars instead of assuming that what we submitted has
been unchanged.

Regression introduced in commit 094d3a7e61e6fc1f5634d880957d18ed70954a60.

Reported-by: Julien Cristau jcris...@debian.org
Closes: #679959

diff --git a/debian/changelog b/debian/changelog
index 7a3be31..07b4ae0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,10 @@ dpkg (1.16.7) UNRELEASED; urgency=low
   [ Guillem Jover ]
   * Fix bogus dpkg-query --control-show badusage() strings.
 
+  [ Raphaël Hertzog ]
+  * Fix dpkg-gencontrol to correctly compute the source version
+in the case of old-style bin-nmus. Closes: #679959
+
   [ Updated dselect translations ]
   * Catalan (Guillem Jover).
   * French (Christian Perrier).



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#675349: sbuild: obsolete /etc/schroot/setup.d/99builddsourceslist incompatible with latest schroot version

[Raphaël Hertzog]

Package: sbuild
Version: 0.63.0-1
Severity: critical

With the latest schroot, the setup script
/etc/schroot/setup.d/99builddsourceslist shippped by sbuild breaks
all chroots.

$ LANG=C schroot -c sid -p
I: 99builddsourceslist: script-config file '/etc/schroot/default/config' does 
not exist
E: sid-58c37b67-cfca-43ae-b674-e2f03b9110ce: Chroot setup failed: 
stage=setup-start

This is because schroot dropped those files. Changelog of version 1.5.2 of
schroot says this:
  * schroot preinst: Remove default (script-config) conffiles on
upgrade.  These are deprecated and support will be dropped in
the future.

But apparently this /etc/schroot/setup.d/99builddsourceslist is no longer
provided by sbuild and should be dropped. sbuild should be updated to clean it
up automatically.

$ dpkg -s sbuild
Package: sbuild
Status: install ok installed
Priority: extra
Section: devel
Installed-Size: 453
Maintainer: Debian buildd-tools Developers 
buildd-tools-de...@lists.alioth.debian.org
Architecture: all
Version: 0.63.0-1
Depends: perl, perl-modules, libsbuild-perl (= 0.63.0-1), adduser, apt-utils
Recommends: fakeroot, debootstrap
Suggests: wget, deborphan
Conffiles:
 /etc/sbuild/sbuild.conf bf61a5b8ddaf658699915807a42780c3
 /etc/schroot/setup.d/99builddsourceslist 2ef52a245a5d42b8614ebf7b7e54fbff 
obsolete
[...]

$ dpkg-query -W schroot
schroot 1.5.4-1


-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.2.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages sbuild depends on:
ii  adduser 3.113+nmu3
ii  apt-utils   0.9.5.1
ii  libsbuild-perl  0.63.0-1
ii  perl5.14.2-11
ii  perl-modules5.14.2-11

Versions of packages sbuild recommends:
ii  debootstrap  1.0.40
ii  fakeroot 1.18.3-1

Versions of packages sbuild suggests:
ii  deborphan  1.7.28.7
ii  wget   1.13.4-3

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#652991: xul-ext-webdeveloper: Need update for Iceweasel/Firefox 9

[Raphaël Hertzog]

Package: xul-ext-webdeveloper
Version: 1.1.9-4
Severity: grave
Justification: renders package unusable

With iceweasel 9 now in sid, it's no longer possible to install
xul-ext-webdeveloper. Please update it for the latest iceweasel.

-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages xul-ext-webdeveloper depends on:
ii  iceweasel  8.0-3+b1

xul-ext-webdeveloper recommends no packages.

xul-ext-webdeveloper suggests no packages.

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#648937: doc-base: trigger fails when Locale::gettext is broken due to perl upgrade

[Raphaël Hertzog]

Package: doc-base
Version: 0.10.2
Severity: serious

Sorry I only have the log in French but you can translate:
- Préparation du remplacement - Preparing to replace
- Dépaquetage de la mise à jour - Unpacking update
- Paramétrage - Configuring
- Traitement des actions différées pour - Processing trigger for

Préparation du remplacement de perl-doc 5.12.4-6 (en utilisant 
.../perl-doc_5.14.2-3_all.deb) ...
Conservation de « détournement de /usr/bin/perldoc en /usr/bin/perldoc.stub par 
perl-doc »
Dépaquetage de la mise à jour de perl-doc ...
Préparation du remplacement de libdevel-cover-perl 0.77-1+b2 (en utilisant 
.../libdevel-cover-perl_0.77-1+b3_i386.deb) ...
Dépaquetage de la mise à jour de libdevel-cover-perl ...
Préparation du remplacement de perl 5.12.4-6 (en utilisant 
.../perl_5.14.2-3_i386.deb) ...
Dépaquetage de la mise à jour de perl ...
Selecting previously unselected package libperl5.14.
Dépaquetage de libperl5.14 (à partir de .../libperl5.14_5.14.2-3_i386.deb) ...
[...]
Dépaquetage de la mise à jour de perl-base ...
Paramétrage de perl-base (5.14.2-3) ...
Traitement des actions différées (« triggers ») pour « menu »...
Traitement des actions différées (« triggers ») pour « desktop-file-utils »...
Traitement des actions différées (« triggers ») pour « man-db »...
Traitement des actions différées (« triggers ») pour « doc-base »...
/usr/bin/perl: symbol lookup error: 
/usr/lib/perl5/auto/Locale/gettext/gettext.so: undefined symbol: 
Perl_Gthr_key_ptr
dpkg : erreur de traitement de doc-base (--triggers-only) :
 le sous-processus script post-installation installé a retourné une erreur de 
sortie d'état 127

In general it's not safe to use Locale::gettext in any maintainer script.
It has been the source of numerous failures in the past. Cf
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=479681

A work-around is to set $ENV{PERL_DL_NONLAZY} = 1 and to intercept the
failure to load Locale::gettext and put compatibility stubs in that case.
See for example how Dpkg::Gettext does it.

This breaks upgrade so I put a serious severity. I also CC debian-perl for
information.  Note that my APT is setup with some custom parameters (which
are supposed to become the default at some point in the future).

// Trigger deferred
DPkg::NoTriggers true;
PackageManager::Configure smart;
DPkg::ConfigurePending true;
DPkg::TriggersPending true;

-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.0.0-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages doc-base depends on:
ii  libuuid-perl   0.02-4+b1
ii  libyaml-tiny-perl  1.50-1   

doc-base recommends no packages.

Versions of packages doc-base suggests:
ii  rarian-compat  0.8.1-5
ii  yelp   3.2.1+dfsg-1+b1

-- debconf-show failed



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#641530: fop: fails with java.lang.IllegalArgumentException: Cannot open file sRGB.pf

[Raphaël Hertzog]

Package: fop
Version: 1:1.0.dfsg2-2
Severity: grave
Justification: renders package unusable

As you can see in #640308, fop doesn't work any longer... and I have the exact
same problem when trying to build the publican package.

I'm not sure what's the root cause of the problem but it might be similar
to this report:
http://www-01.ibm.com/support/docview.wss?uid=swg1PM17433

So possibly a security change that forbids the automatic discovery
of files with a relative path if some symlinks are involved. CCing debian-java
as their input can be useful here.

I'm using:
$ java -version
java version 1.6.0_23
OpenJDK Runtime Environment (IcedTea6 1.11pre) (6b23~pre9-1)
OpenJDK Server VM (build 20.0-b11, mixed mode)

Failure log:

[warning] /usr/bin/fop: Unable to locate servlet-api in /usr/share/java
java.lang.IllegalArgumentException: Cannot open file sRGB.pf
at 
java.awt.color.ICC_Profile.activateDeferredProfile(ICC_Profile.java:1085)
at java.awt.color.ICC_Profile$1.activate(ICC_Profile.java:741)
at 
sun.java2d.cmm.ProfileDeferralMgr.activateProfiles(ProfileDeferralMgr.java:93)
at java.awt.color.ICC_Profile.getInstance(ICC_Profile.java:774)
at java.awt.color.ICC_Profile.getInstance(ICC_Profile.java:994)
at 
org.apache.fop.pdf.PDFICCBasedColorSpace.setupsRGBColorProfile(PDFICCBasedColorSpace.java:141)
at 
org.apache.fop.pdf.PDFICCBasedColorSpace.setupsRGBAsDefaultRGBColorSpace(PDFICCBasedColorSpace.java:109)
at 
org.apache.fop.render.pdf.PDFRenderingUtil.addsRGBColorSpace(PDFRenderingUtil.java:265)
at 
org.apache.fop.render.pdf.PDFRenderingUtil.setupPDFDocument(PDFRenderingUtil.java:378)
at 
org.apache.fop.render.pdf.PDFDocumentHandler.startDocument(PDFDocumentHandler.java:144)
at 
org.apache.fop.render.intermediate.IFRenderer.startRenderer(IFRenderer.java:253)
at org.apache.fop.area.RenderPagesModel.init(RenderPagesModel.java:79)
at 
org.apache.fop.area.AreaTreeHandler.setupModel(AreaTreeHandler.java:130)
at org.apache.fop.area.AreaTreeHandler.init(AreaTreeHandler.java:102)
at 
org.apache.fop.render.RendererFactory.createFOEventHandler(RendererFactory.java:359)
at org.apache.fop.fo.FOTreeBuilder.init(FOTreeBuilder.java:105)
at org.apache.fop.apps.Fop.createDefaultHandler(Fop.java:101)
at org.apache.fop.apps.Fop.init(Fop.java:79)
at org.apache.fop.apps.FopFactory.newFop(FopFactory.java:271)
at org.apache.fop.cli.InputHandler.renderTo(InputHandler.java:109)
at org.apache.fop.cli.Main.startFOP(Main.java:174)
at org.apache.fop.cli.Main.main(Main.java:207)


-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages fop depends on:
ii  default-jre-headless [java2-runtime-headless]1:1.6-43   
ii  gcj-4.4-jre-headless [java2-runtime-headless]4.4.6-10   
ii  gcj-4.6-jre-headless [java2-runtime-headless]4.6.1-4
ii  gcj-jre-headless [java2-runtime-headless]4:4.6.1-2  
ii  java-wrappers0.1.23 
ii  libavalon-framework-java 4.2.0-7
ii  libbatik-java1.7-7  
ii  libbsf-java  1:2.4.0-4  
ii  libcommons-io-java   1.4-3  
ii  libcommons-logging-java  1.1.1-8
ii  libxalan2-java   2.7.1-5
ii  libxerces2-java  2.11.0-2   
ii  libxml-commons-external-java 1.4.01-2   
ii  libxmlgraphics-commons-java  1.4.dfsg-3 
ii  libxt6   1:1.1.1-2  
ii  libxtst6 2:1.2.0-3  
ii  openjdk-6-jre-headless [java2-runtime-headless]  6b23~pre9-1
ii  sun-java6-jre [java2-runtime-headless]   6.26-3 

Versions of packages fop recommends:
ii  libsaxon-java  1:6.5.5-7

Versions of packages fop suggests:
pn  fop-doc none
pn  libservlet2.4-java  none

-- no debconf information



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#637057: Installing php5-idn makes apache2 segfault (if using the php5 module)

[Raphaël Hertzog]

Package: php5-idn
Version: 1.2b-6
Severity: critical

I installed this php5 module as a dependency of libphp-simplepie and
since then apache doesn's start anymore. I verified that decommenting
the line in /etc/php5/conf.d/idn.conf makes it work again.

Further inspection seems to indicate that it must not be loaded at the
same time as php5-intl... since loading it without loading php5-intl
works.

This package has been removed from unstable, but maybe we should do in
stable what we did in unstable:
- update the libphp-simplepie dependency to php5-intl
- make php5-intl conflict with php5-idn

-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 3.0.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#630862: libconfuse-common: Upgrade fails due to file overwrite error

[Raphaël Hertzog]

Package: libconfuse-common
Version: 2.7-2
Severity: serious
Justification: missing breaks/replaces

Today's upgrade lead to this:
Dépaquetage de libconfuse-common (à partir de 
.../libconfuse-common_2.7-2_all.deb) ...
dpkg : erreur de traitement de 
/var/cache/apt/archives/libconfuse-common_2.7-2_all.deb (--unpack) :
 tentative de remplacement de « /usr/share/locale/fr/LC_MESSAGES/confuse.mo », 
qui appartient aussi au paquet libconfuse0 2.7-1

You should add a breaks + replaces on libconfuse0 ( 2.7-2).

Cheers,

-- System Information:
Debian Release: wheezy/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'proposed-updates'), (500, 
'unstable'), (500, 'testing'), (500, 'stable'), (150, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.39-2-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#622250: apt-get update fails mysteriously

[Raphaël Hertzog]

Package: apt
Version: 0.8.13.2
Severity: grave
Justification: renders package unusable

I get this:
$ LANG=C sudo apt-get update
Hit http://nas unstable InRelease
Hit http://nas wheezy InRelease   
Hit http://ftp.fr.debian.org experimental InRelease 

Hit http://nas wheezy/updates InRelease
Ign http://nas squeeze InRelease 
Hit http://nas unstable/main Sources
Hit http://nas unstable/contrib Sources
Hit http://nas unstable/non-free Sources
Hit http://nas squeeze Release.gpg
Hit http://nas squeeze Release
W: Failed to fetch http://nas/debian/dists/unstable/InRelease  Unable to find 
expected entry 'main/binary-/Packages' in Release file (Wrong sources.list 
entry or malformed file)

W: Failed to fetch http://nas/debian/dists/wheezy/InRelease  Unable to find 
expected entry 'main/binary-/Packages' in Release file (Wrong sources.list 
entry or malformed file)

W: Failed to fetch http://nas:/security/dists/wheezy/updates/InRelease  
Unable to find expected entry 'main/binary-/Packages' in Release file (Wrong 
sources.list entry or malformed file)

W: Failed to fetch http://ftp.fr.debian.org/debian/dists/experimental/InRelease 
 Unable to find expected entry 'main/binary-/Packages' in Release file (Wrong 
sources.list entry or malformed file)

W: Failed to fetch http://nas/debian/dists/squeeze/Release  Unable to find 
expected entry 'main/binary-/Packages' in Release file (Wrong sources.list 
entry or malformed file)

E: Some index files failed to download. They have been ignored, or old ones 
used instead.


If I downgrade back to 0.8.13.1 it works fine. It looks like it misses the
architecture information...


-- Package-specific info:

-- apt-config dump --

APT ;
APT::Architecture i386;
APT::Build-Essential ;
APT::Build-Essential:: build-essential;
APT::Install-Recommends true;
APT::Install-Suggests 0;
APT::Acquire ;
APT::Acquire::Translation environment;
APT::Authentication ;
APT::Authentication::TrustCDROM true;
APT::NeverAutoRemove ;
APT::NeverAutoRemove:: ^firmware-linux.*;
APT::NeverAutoRemove:: ^linux-firmware$;
APT::NeverAutoRemove:: ^linux-image.*;
APT::NeverAutoRemove:: ^kfreebsd-image.*;
APT::NeverAutoRemove:: ^linux-restricted-modules.*;
APT::NeverAutoRemove:: ^linux-ubuntu-modules-.*;
APT::NeverAutoRemove:: ^gnumach$;
APT::Never-MarkAuto-Sections ;
APT::Never-MarkAuto-Sections:: metapackages;
APT::Never-MarkAuto-Sections:: restricted/metapackages;
APT::Never-MarkAuto-Sections:: universe/metapackages;
APT::Never-MarkAuto-Sections:: multiverse/metapackages;
APT::Never-MarkAuto-Sections:: oldlibs;
APT::Never-MarkAuto-Sections:: restricted/oldlibs;
APT::Never-MarkAuto-Sections:: universe/oldlibs;
APT::Never-MarkAuto-Sections:: multiverse/oldlibs;
APT::Periodic ;
APT::Periodic::Update-Package-Lists 1;
APT::Periodic::Download-Upgradeable-Packages 0;
APT::Periodic::AutocleanInterval 0;
APT::Update ;
APT::Update::Post-Invoke ;
APT::Update::Post-Invoke:: touch /var/lib/apt/periodic/update-success-stamp 
2/dev/null || true;
APT::Update::Post-Invoke-Success ;
APT::Update::Post-Invoke-Success:: [ ! -f /var/run/dbus/system_bus_socket ] || 
/usr/bin/dbus-send --system --dest=org.debian.apt --type=signal /org/debian/apt 
org.debian.apt.CacheChanged || true;
APT::Archives ;
APT::Archives::MaxAge 30;
APT::Archives::MinAge 2;
APT::Archives::MaxSize 500;
APT::Get ;
APT::Get::Build-Dep-Automatic true;
Dir /;
Dir::State var/lib/apt/;
Dir::State::lists lists/;
Dir::State::cdroms cdroms.list;
Dir::State::mirrors mirrors/;
Dir::State::extended_states extended_states;
Dir::State::status /var/lib/dpkg/status;
Dir::Cache var/cache/apt/;
Dir::Cache::archives archives/;
Dir::Cache::srcpkgcache srcpkgcache.bin;
Dir::Cache::pkgcache pkgcache.bin;
Dir::Etc etc/apt/;
Dir::Etc::sourcelist sources.list;
Dir::Etc::sourceparts sources.list.d;
Dir::Etc::vendorlist vendors.list;
Dir::Etc::vendorparts vendors.list.d;
Dir::Etc::main apt.conf;
Dir::Etc::netrc auth.conf;
Dir::Etc::parts apt.conf.d;
Dir::Etc::preferences preferences;
Dir::Etc::preferencesparts preferences.d;
Dir::Etc::trusted trusted.gpg;
Dir::Etc::trustedparts trusted.gpg.d;
Dir::Bin ;
Dir::Bin::methods /usr/lib/apt/methods;
Dir::Bin::dpkg /usr/bin/dpkg;
Dir::Media ;
Dir::Media::MountPath /media/apt;
Dir::Log var/log/apt;
Dir::Log::Terminal term.log;
Dir::Log::History history.log;
Dir::Ignore-Files-Silently ;
Dir::Ignore-Files-Silently:: ~$;
Dir::Ignore-Files-Silently:: \.disabled$;
Dir::Ignore-Files-Silently:: \.bak$;
Dir::Ignore-Files-Silently:: \.dpkg-[a-z]+$;
Acquire ;
Acquire::cdrom ;
Acquire::cdrom::mount /media/cdrom/;
Acquire::Pdiffs false;
Unattended-Upgrade ;
Unattended-Upgrade::Origins-Pattern ;
Unattended-Upgrade::Origins-Pattern:: 
origin=Debian,label=Debian-Security,archive=stable;
DPkg ;
DPkg::Pre-Install-Pkgs ;
DPkg::Pre-Install-Pkgs:: /usr/sbin/dpkg-preconfigure --apt || true;
DPkg::Post-Invoke ;
DPkg::Post-Invoke:: if 

Bug#614750: Fails to restart due to /etc/ssl/certs not existing in /var/spool/postfix

[Raphaël Hertzog]

Package: postfix
Version: 2.8.0-2
Severity: serious

It looks like the init script is not working here:

$ LANG=C sudo apt-get dist-upgrade
[sudo] password for rhertzog: 
Reading package lists... Done
Building dependency tree   
Reading state information... Done
Calculating upgrade... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Do you want to continue [Y/n]? 
Setting up postfix (2.8.0-2) ...

Postfix configuration was untouched.  If you need to make changes, edit
/etc/postfix/main.cf (and others) as needed.  To view Postfix configuration
values, see postconf(1).

After modifying main.cf, be sure to run '/etc/init.d/postfix reload'.

Running newaliases
Stopping Postfix Mail Transport Agent: postfix.
Starting Postfix Mail Transport Agent: postfixcp: cannot create regular file 
`/var/spool/postfix//etc/ssl/certs': No such file or directory
invoke-rc.d: initscript postfix, action restart failed.
dpkg: error processing postfix (--configure):
 subprocess installed post-installation script returned error exit status 1
configured to not write apport reports
  Errors were encountered while processing:
 postfix
E: Sub-process /usr/bin/dpkg returned an error code (1)

Cheers,

-- System Information:
Debian Release: wheezy/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'stable'), (150, 
'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages postfix depends on:
ii  adduser   3.112+nmu2 add and remove users and groups
ii  debconf [debconf-2.0] 1.5.38 Debian configuration management sy
ii  dpkg  1.16.0 Debian package management system
ii  libc6 2.11.2-11  Embedded GNU C Library: Shared lib
ii  libdb4.8  4.8.30-5   Berkeley v4.8 Database Libraries [
ii  libsasl2-22.1.23.dfsg1-7 Cyrus SASL - authentication abstra
ii  libssl0.9.8   0.9.8o-5   SSL shared libraries
ii  lsb-base  3.2-27 Linux Standard Base 3.2 init scrip
ii  netbase   4.45   Basic TCP/IP networking system
ii  ssl-cert  1.0.28 simple debconf wrapper for OpenSSL

Versions of packages postfix recommends:
ii  python  2.6.6-3+squeeze5 interactive high-level object-orie

Versions of packages postfix suggests:
ii  bsd-mailx [mail-re 8.1.2-0.20100314cvs-1 simple mail user agent
pn  dovecot-common none(no description available)
ii  evolution [mail-re 2.32.2-1  groupware suite with mail client a
ii  libsasl2-modules   2.1.23.dfsg1-7Cyrus SASL - pluggable authenticat
ii  mutt [mail-reader] 1.5.20-9+squeeze1 text-based mailreader supporting M
pn  postfix-cdbnone(no description available)
pn  postfix-ldap   none(no description available)
pn  postfix-mysql  none(no description available)
pn  postfix-pcre   none(no description available)
pn  postfix-pgsql  none(no description available)
ii  procmail   3.22-19   Versatile e-mail processor
pn  resolvconf none(no description available)
pn  sasl2-bin  none(no description available)
pn  ufwnone(no description available)

-- debconf information:
  postfix/mailname: /etc/mailname
  postfix/tlsmgr_upgrade_warning:
  postfix/recipient_delim: +
* postfix/main_mailer_type: No configuration
  postfix/retry_upgrade_warning:
  postfix/kernel_version_warning:
  postfix/relayhost:
  postfix/procmail:
  postfix/bad_recipient_delimiter:
  postfix/chattr: false
  postfix/root_address:
  postfix/rfc1035_violation: false
  postfix/mydomain_warning:
  postfix/mynetworks: 127.0.0.0/8 [:::127.0.0.0]/104 [::1]/128
  postfix/destinations:
  postfix/not_configured:
  postfix/mailbox_limit: 0
  postfix/protocols:



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#613381: glib2.0: Breaks user's selection of default web browser

[Raphaël Hertzog]

Package: libglib2.0-0
Version: 2.28.0-1
Severity: serious

Since libglib has been upgraded, when you click on a link, it does no
longer open the browser selected by the user in the Gnome settings.

This bug is meant to block transition to testing of the new glib until
gnome-control-center and gnome-session have been upgraded to cope with
this change.

See the discussion on -devel:
http://lists.debian.org/debian-devel/2011/02/msg00300.html

Cheers,

-- System Information:
Debian Release: wheezy/sid
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'unstable'), (500, 'testing'), (500, 
'stable'), (150, 'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#610991: marked as pending

[Raphaël Hertzog]

tag 610991 pending
thanks

Hello,

Bug #610991 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=dpkg/dpkg.git;a=commitdiff;h=f589a03

---
commit f589a03c6fcd9360d00cb4b084d55704c3c8746f
Author: Raphaël Hertzog hert...@debian.org
Date:   Mon Jan 24 20:43:13 2011 +0100

debian/control: drop Breaks on konqueror

With this Breaks, apt-get install udev that is recommended at the start
of a lenny-squeeze upgrade might remove the kde metapackage. This is
due to udev needing a new util-linux that itself needs a newer dpkg (due
to the install-info transition).

In contrast, the lack of the Breaks has very minimal consequences: partial
upgrades might not install install-info and in that case konqueror might
show an outdated list of info pages.

diff --git a/debian/changelog b/debian/changelog
index a402570..85a01e5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,10 @@
 dpkg (1.15.8.9) UNRELEASED; urgency=low
 
+  [ Raphaël Hertzog ]
+  * Drop Breaks on konqueror to avoid some lenny - squeeze upgrade
+problems. It was only needed to ensure install-info is installed
+even for partial upgrades. Closes: #610991
+
   [ Updated dpkg translations ]
   * Remove space before … in several Catalan strings (Jordi Mallach).
 



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#600051: stupid permissions on /etc/couchdb/ leading to desktopcouch not working

[Raphaël Hertzog]

Package: couchdb
Version: 0.11.0-2.1
Severity: serious

The chmod -R 0770 /etc/couchdb is just plain wrong in the postinst.

The only file that needs to be read protected is local.ini because it
might contain a password.

The other files should be 664. Directories should be 775.

Please drop this chmod call in the postinst and provide correct
dependencies in the package itself. You are resetting any permission that
the admin might have set on any file...

(Or at least change the permission only on the initial installation.)

Furthermore, those needlessly restrictive permissions break desktopcouch.

Cheers,

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (150, 
'experimental')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages couchdb depends on:
ii  adduser3.112+nmu1add and remove users and groups
ii  erlang-base [erlang-abi-13 1:14.a-dfsg-2 Erlang/OTP virtual machine and bas
ii  erlang-crypto  1:14.a-dfsg-2 Erlang/OTP cryprographic modules
ii  erlang-inets   1:14.a-dfsg-2 Erlang/OTP Internet clients and se
ii  erlang-ssl 1:14.a-dfsg-2 Erlang/OTP implementation of SSL
ii  erlang-tools   1:14.a-dfsg-2 Erlang/OTP various tools
ii  erlang-xmerl   1:14.a-dfsg-2 Erlang/OTP XML tools
ii  libc6  2.11.2-6  Embedded GNU C Library: Shared lib
ii  libcurl3   7.21.1-1  Multi-protocol file transfer libra
ii  libicu44   4.4.1-6   International Components for Unico
ii  libjs-jquery   1.4.2-2   JavaScript library for dynamic web
ii  libmozjs2d 1.9.1.13-1The Mozilla SpiderMonkey JavaScrip
ii  lsb-base   3.2-26Linux Standard Base 3.2 init scrip
ii  mawk   1.3.3-15  a pattern scanning and text proces
ii  procps 1:3.2.8-9 /proc file system utilities

couchdb recommends no packages.

couchdb suggests no packages.

-- Configuration Files:
/etc/couchdb/local.ini [Errno 13] Permission non accordée: 
u'/etc/couchdb/local.ini'

-- no debconf information



--
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#596417: marked as pending

[Raphaël Hertzog]

tag 596417 pending
thanks

Hello,

Bug #596417 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=dpkg/dpkg.git;a=commitdiff;h=4d6c430

---
commit 4d6c43090715ea4ed74b376bdc7bff73faaa569a
Author: Raphaël Hertzog hert...@debian.org
Date:   Sat Sep 11 10:13:53 2010 +0200

Update dpkg's Breaks dependency to include dpkg-dev ( 1.15.8)

It ensures that older versions of dpkg-dev that did not depend on
libdpkg-perl must be upgraded together with dpkg.

Reported-by: Lionel Elie Mamane lio...@mamane.lu

diff --git a/debian/changelog b/debian/changelog
index ba04518..318e67e 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -22,6 +22,9 @@ dpkg (1.15.8.5) UNRELEASED; urgency=low
 tarballs. Upstream binary files modified by the packager were not properly
 installed due to this. Thanks to James Westby for the report.
 Closes: #594440
+  * Make dpkg Breaks: dpkg-dev ( 1.15.8) so that older versions of dpkg-dev
+that did not depend on libdpkg-perl must be upgraded together with dpkg.
+Closes: #596417
 
   [ Helge Kreutzmann ]
   * Fix encoding of German addendum. Closes: #595643



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#591182: marked as pending

[Raphaël Hertzog]

tag 591182 pending
thanks

Hello,

Bug #591182 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=dpkg/dpkg.git;a=commitdiff;h=9036687

---
commit 9036687a8cbd87ce319df56dd362bb2adae96fc4
Author: Jonathan Nieder jrnie...@gmail.com
Date:   Sun Aug 1 08:59:47 2010 +0200

Fix dpkg-divert test suite to cope with + in the build directory name

The directory name was not properly escaped in regular expressions
and lead to test failures when it contained + or other characters with
special meanings in regular expressions.

Signed-off-by: Raphaël Hertzog hert...@debian.org

diff --git a/debian/changelog b/debian/changelog
index 0dcc00e..dae537a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+dpkg (1.15.8.3) UNRELEASED; urgency=low
+
+  * Fix dpkg-divert test suite to cope with + and other special characters for
+regexps in the build directory name. Thanks to Jonathan Nieder for the
+patch and to Phil Kern for the report. Closes: #591182
+
+ -- Raphaël Hertzog hert...@debian.org  Sun, 01 Aug 2010 08:54:39 +0200
+
 dpkg (1.15.8.2) unstable; urgency=low
 
   * Bump libdpkg-perl Depends on dpkg to 1.15.8, as it will break dpkg



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#590854: marked as pending

[Raphaël Hertzog]

tag 590854 pending
thanks

Hello,

Bug #590854 reported by you has been fixed in the Git repository. You can
see the changelog below, and you can check the diff of the fix at:

http://git.debian.org/?p=dpkg/dpkg.git;a=commitdiff;h=867edc4

---
commit 867edc4d1736e0052143d1cd28b7dda3fd71ba45
Author: Raphaël Hertzog hert...@debian.org
Date:   Thu Jul 29 20:36:09 2010 +0200

update-alternatives: fix off-by-one errors

alternative_sort_choices() and alternative_sort_slaves() were affected
by an off-by-one error that could result in linked lists looping over
themselves since the last element was not properly put back in the list.

diff --git a/debian/changelog b/debian/changelog
index a291980..a5dbeac 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+dpkg (1.15.8.1) UNRELEASED; urgency=low
+
+  * Fix off-by-one error in update-alternatives that lead to an infinite loop
+while writing the administrative file. Closes: #590854
+
+ -- Raphaël Hertzog hert...@debian.org  Thu, 29 Jul 2010 20:32:33 +0200
+
 dpkg (1.15.8) unstable; urgency=low
 
   [ Raphaël Hertzog ]



-- 
To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org